A Web Application Vulnerability Detection Method Based on Web Crawler Technology

2016 ◽ Vol 06 (06) ◽ pp. 340-346
Author(s):  
全民 王
Author(s):  
Heribertus Yulianton ◽  
Agung Trisetyarso ◽  
Wayan Suparta ◽  
Bahtiar Saleh Abbas ◽  
Chul Ho Kang

Information ◽ 2019 ◽ Vol 10 (10) ◽ pp. 326
Author(s):  
Amr Amin ◽  
Amgad Eldessouki ◽  
Menna Tullah Magdy ◽  
Nouran Abdeen ◽  
Hanan Hindy ◽  
...  

The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.


2013 ◽ Vol 347-350 ◽ pp. 3715-3720
Author(s):  
Bei Hai Liang ◽  
Bin Bin Qu ◽  
Sheng Jiang ◽  
Chu Tian Ye

At present, Cross Site Scripting (XSS) vulnerability exists in most web sites. The main reason is the lack of effective validation and filtering mechanisms for user input data from web requests. This paper explores a vulnerability detection method which is based on taint dependence analysis and implements a prototype system for Java Web programs. We treat all user input as tainted data, and track the flow of Web applications, then we judge whether it will trigger an attack or not. The taint dependent analysis algorithm mentioned in this paper is used to construct the taint dependency graph. Next the value representation method of the string tainted object based on finite state automata is discussed. Finally, we propose the vulnerability detection method for the program. The experiment result shows that the prototype system can detect reflection cross-site scripting vulnerability well in those programs which don't have effective treatment for the user input data.

