Multi-Cluster Visualization and Live Reporting of Static Analysis Security Testing (SAST) Warnings

2019 ◽  
Author(s):  
Abhishek Pathak ◽  
Kaarthik Sivakumar ◽  
Mazhar Haque ◽  
Prasanna Ganesan
Keyword(s):  
Static Analysis ◽  
Security Testing ◽  
Cluster Visualization

scholarly journals AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach

Information ◽  
2019 ◽  
Vol 10 (10) ◽  
pp. 326 ◽  
Author(s):  
Amr Amin ◽  
Amgad Eldessouki ◽  
Menna Tullah Magdy ◽  
Nouran Abdeen ◽  
Hanan Hindy ◽  
...  
Keyword(s):  
Dynamic Analysis ◽  
Static Analysis ◽  
Mobile Applications ◽  
Web Application ◽  
Hybrid Approach ◽  
High Rate ◽  
Vulnerability Detection ◽  
Security Testing ◽  
Static And Dynamic Analysis ◽  
Android Applications

The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.

DETECTING SERVER-SIDE ENDPOINTS IN WEB APPLICATIONS BASED ON STATIC ANALYSIS OF CLIENT-SIDE JavaScript CODE

2021 ◽  
pp. 32-54
Author(s):  
D. A. Sigalov ◽  
◽  
A. A. Khashaev ◽  
D. Yu. Gamayunov ◽  
◽  
...  
Keyword(s):  
Static Analysis ◽  
Web Application ◽  
Web Applications ◽  
Security Analysis ◽  
Endpoint Detection ◽  
Security Testing ◽  
Application Security ◽  
Server Side ◽  
Dynamic Web ◽  
Client Side

The problem of server-side endpoint detection in the context of blackbox security analysis of dynamic web applications is considered. We propose a method to increase coverage of server-side endpoint detection using static analysis of client-side JavaScript code to find functions which generate HTTP requests to the server-side of the application and reconstruct parameters for those functions. In the context of application security testing, static analysis allows to find such functions even in dead or unreachable JavaScript code, which cannot be achieved by dynamic crawling or dynamic code analysis. Evaluation of the proposed method and its implementation has been done using synthetic web application with endpoints vulnerable to SQL injections, and the same application was used to compare the proposed method with existing solutions. Evaluation results show that adding JavaScript static analysis to traditional dynamic crawling of web applications may significantly improve server-side endpoint coverage in blackbox application security analysis.

Security Test by using F T M and Data Allocation Strategies on Leakage Detection

2005 ◽  
Vol 4 (2) ◽  
pp. 393-400
Author(s):  
Pallavali Radha ◽  
G. Sireesha
Keyword(s):  
Third Party ◽  
Distributed Data ◽  
Data Allocation ◽  
Security Testing ◽  
Sensitive Data ◽  
Sample Data ◽  
The One ◽  
Security Test ◽  
Data Request ◽  
Allocation Strategies

The data distributors work is to give sensitive data to a set of presumably trusted third party agents.The data i.e., sent to these third parties are available on the unauthorized places like web and or some ones systems, due to data leakage. The distributor must know the way the data was leaked from one or more agents instead of as opposed to having been independently gathered by other means. Our new proposal on data allocation strategies will improve the probability of identifying leakages along with Security attacks typically result from unintended behaviors or invalid inputs.  Due to too many invalid inputs in the real world programs is labor intensive about security testing.The most desirable thing is to automate or partially automate security-testing process. In this paper we represented Predicate/ Transition nets approach for security tests automated generationby using formal threat models to detect the agents using allocation strategies without modifying the original data.The guilty agent is the one who leaks the distributed data. To detect guilty agents more effectively the idea is to distribute the data intelligently to agents based on sample data request and explicit data request. The fake object implementation algorithms will improve the distributor chance of detecting guilty agents.

Security Testing on Web Based Application

2018 ◽  
Vol 6 (12) ◽  
pp. 553-557
Author(s):  
A. Punitha ◽  
D. Sukanya Bai ◽  
K. Lavanya
Keyword(s):  
Security Testing ◽  
Web Based

Effects of openings on the seismic behavior and performance level of concrete shear walls

2019 ◽  
Author(s):  
Hossein Alimohammadi ◽  
Mostafa Dalvi Esfahani ◽  
Mohammadali Lotfollahi Yaghin
Keyword(s):  
Static Analysis ◽  
Cross Section ◽  
Seismic Behavior ◽  
Shear Walls ◽  
Shear Wall ◽  
Constant Cross Section ◽  
Added Resistance ◽  
Different Shapes ◽  
And Performance ◽  
Abaqus Software

In this study, the seismic behavior of the concrete shear wall considering the opening with different shapes and constant cross-section has been studied, and for this purpose, several shear walls are placed under the increasingly non-linear static analysis (Pushover). These case studies modeled in 3D Abaqus Software, and the results of the ductility coefficient, hardness, energy absorption, added resistance, the final shape, and the final resistance are compared to shear walls without opening.

Static Analysis Based Correctness Verification for Mandatory Access Control Framework

2009 ◽  
Vol 32 (4) ◽  
pp. 730-739 ◽  
Author(s):  
Xin-Song WU ◽  
Zhou-Yi ZHOU ◽  
Ye-Ping HE ◽  
Hong-Liang LIANG ◽  
Chun-Yang YUAN
Keyword(s):  
Access Control ◽  
Static Analysis ◽  
Mandatory Access Control ◽  
Control Framework
Sign in / Sign up

Export Citation Format

Share Document