scholarly journals Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing

2021 ◽  
Author(s):  
João Caseirito ◽  
Ibéria Medeiros
Keyword(s):  
Web Application ◽  
Vulnerability Detection

scholarly journals Web Application Vulnerability Detection Using Taint Analysis and Black-box Testing

2020 ◽  
Vol 879 ◽  
pp. 012031 ◽  
Author(s):  
Heribertus Yulianton ◽  
Agung Trisetyarso ◽  
Wayan Suparta ◽  
Bahtiar Saleh Abbas ◽  
Chul Ho Kang
Keyword(s):  
Web Application ◽  
Black Box ◽  
Vulnerability Detection ◽  
Taint Analysis ◽  
Black Box Testing

scholarly journals AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach

Information ◽  
2019 ◽  
Vol 10 (10) ◽  
pp. 326 ◽  
Author(s):  
Amr Amin ◽  
Amgad Eldessouki ◽  
Menna Tullah Magdy ◽  
Nouran Abdeen ◽  
Hanan Hindy ◽  
...  
Keyword(s):  
Dynamic Analysis ◽  
Static Analysis ◽  
Mobile Applications ◽  
Web Application ◽  
Hybrid Approach ◽  
High Rate ◽  
Vulnerability Detection ◽  
Security Testing ◽  
Static And Dynamic Analysis ◽  
Android Applications

The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.

scholarly journals Efficiency and Effectiveness of Web Application Vulnerability Detection Approaches: A Review

2022 ◽  
Vol 54 (9) ◽  
pp. 1-35
Author(s):  
Bing Zhang ◽  
Jingyue Li ◽  
Jiadong Ren ◽  
Guoyan Huang
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Vulnerability Detection ◽  
Research Gaps ◽  
Systematic Analysis ◽  
Study Results ◽  
Efficiency And Effectiveness ◽  
Technical Details ◽  
Effectiveness And Efficiency ◽  
Test Suites

Most existing surveys and reviews on web application vulnerability detection (WAVD) approaches focus on comparing and summarizing the approaches’ technical details. Although some studies have analyzed the efficiency and effectiveness of specific methods, there is a lack of a comprehensive and systematic analysis of the efficiency and effectiveness of various WAVD approaches. We conducted a systematic literature review (SLR) of WAVD approaches and analyzed their efficiency and effectiveness. We identified 105 primary studies out of 775 WAVD articles published between January 2008 and June 2019. Our study identified 10 categories of artifacts analyzed by the WAVD approaches and 8 categories of WAVD meta-approaches for analyzing the artifacts. Our study’s results also summarized and compared the effectiveness and efficiency of different WAVD approaches on detecting specific categories of web application vulnerabilities and which web applications and test suites are used to evaluate the WAVD approaches. To our knowledge, this is the first SLR that focuses on summarizing the effectiveness and efficiencies of WAVD approaches. Our study results can help security engineers choose and compare WAVD tools and help researchers identify research gaps.

Validation and Optimization of Vulnerability Detection on Web Application

2020 ◽  
Author(s):  
Sagarika Yadav ◽  
Calvin Crasto ◽  
Saqib Syed ◽  
Shafaque Syed
Keyword(s):  
Web Application ◽  
Vulnerability Detection
Sign in / Sign up

Export Citation Format

Share Document