Identify And Eliminating Online Application Misbehaviors by Static Analysis Approach

Authors(2) :-P Abdul Habeeb, Md Ateeq Ur Rahman

An extensive research work on web application security has been continuing for over 10 years, the security of web applications keeps on being a difficult issue. An essential some portion of that issue gets from unprotected source code, regularly written in risky dialects like PHP. Source code static investigation devices are response for discover vulnerabilities, however they have a tendency to produce false positives, and require extensive work for software engineers to resolve the code. We investigate the utilization of a mix of strategies to find vulnerabilities in source code with less false positives. We combine Taint analysis, which discovers hopeful vulnerabilities, with information mining, to predict the presence of false positives. This approach unites two methodologies that are obviously orthogonal: people coding the information about vulnerabilities (for Taint Analysis), joined with the apparently orthogonal approach of consequently getting that information (with machine learning, for information mining). Given this upgraded type of detection, we propose doing programmed code remedy by embeddings settles in the source code. Our approach was executed in the WAP device, and an investigative assessment was performed with an expansive arrangement of PHP applications. Our apparatus discovered 388 vulnerabilities in 1.4 million lines of code. Its exactness and accuracy were roughly 5% superior to PhpMinerII's and 45% superior to Pixy's.

Authors and Affiliations

P Abdul Habeeb
Department of Computer Science & Engineering, Shadan College of Engineering & Technology, Hyderabad, Telangana, India
Md Ateeq Ur Rahman
Department of Computer Science & Engineering, Shadan College of Engineering & Technology, Hyderabad, Telangana, India

Data Mining, Web Protection, Input Validation Vulnerabilities, Software Security, Source Code Static Analysis, Web Applications, PHP

  1. G. T. Buehrer, B. W. Weide, and P. Sivilotti, "Using parse tree validation to prevent SQL injection attacks," in Proc. 5th Int. Workshop Software Engineering and Middleware, Sep. 2005, pp. 106-113.
  2. N. Jovanovic, C. Kruegel, and E. Kirda, "Precise alias analysis for static detection of web application vulnerabilities," inProc. 2006Workshop Programming Languages and Analysis for Security, Jun. 2006, pp. 27-36.
  3. G. Wassermann and Z. Su, "Sound and precise analysis of web applications for injection vulnerabilities," in Proc. 28th ACM SIGPLAN Conf. Programming Language Design and Implementation, 2007, pp. 32-41.
  4. E. Arisholm, L. C. Briand, and E. B. Johannessen, "A systematic and comprehensive investigation of methods to build and evaluate fault prediction models," J. Syst. Softw., vol. 83, no. 1, pp. 2-17, 2010.
  5. L. K. Shar and H. B. K. Tan, "Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities," in Proc. 34th Int. Conf. Software Engineering, 2012, pp. 1293-1296.
  6. T. Pietraszek and C. V. Berghe, "Defending against injection attacks through context-sensitive string evaluation," in Proc. 8th Int. Conf. Recent Advances in Intrusion Detection, 2005, pp. 124-145.
  7. S. Lessmann, B. Baesens, C. Mues, and S. Pietsch, "Benchmarking classification models for software defect prediction: A proposed framework and novel findings," IEEE Trans. Softw. Eng., vol. 34, no. 4, pp. 485-496, 2008.

Publication Details

Published in : Volume 2 | Issue 5 | September-October 2017
Date of Publication : 2017-10-31
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 525-530
Manuscript Number : CSEIT1725129
Publisher : Technoscience Academy

ISSN : 2456-3307

Cite This Article :

P Abdul Habeeb, Md Ateeq Ur Rahman, "Identify And Eliminating Online Application Misbehaviors by Static Analysis Approach", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 5, pp.525-530, September-October-2017.
Journal URL : http://ijsrcseit.com/CSEIT1725129

Article Preview

Follow Us

Contact Us