Open source web application security: A static analysis approach

机译：开源Web应用程序安全性：静态分析方法

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

In this paper, we have tested several open source web applications against common security vulnerabilities. These vulnerabilities spans from unnecessary data member declaration to leaving gaps for SQL injection. The static security vulnerabilities testing was done in three categories (1) Dodgy code vulnerabilities (2) Malicious code vulnerabilities (3) Security code vulnerabilities on seven (7) different web applications built in Java. It is evident from the obtained results that almost all selected applications have similar kind of vulnerabilities that might have been introduced due to hasty programming or lack of developer knowledge against security vulnerabilities. We recommend to create an intelligent development framework that can provide suggestions for secure development by overcoming common vulnerabilities, can add missing code and can learn from expert developer's practices to overcome the security vulnerabilities.

机译：在本文中，我们针对常见的安全漏洞测试了几个开源Web应用程序。这些漏洞的范围从不必要的数据成员声明到为SQL注入留出空白。静态安全漏洞测试分三类进行：（1）狡猾的代码漏洞（2）恶意的代码漏洞（3）在七（7）个用Java构建的不同Web应用程序上的安全代码漏洞。从获得的结果中可以明显看出，几乎所有选定的应用程序都具有类似的漏洞，这些漏洞可能是由于编程匆忙或缺乏针对安全漏洞的开发人员知识而引入的。我们建议创建一个智能开发框架，该框架可以通过克服常见漏洞为安全开发提供建议，可以添加缺少的代码，并且可以借鉴专家开发人员的实践来克服安全漏洞。

著录项

来源
《2016 International Conference on Engineering amp; MIS》|2016年|1-5|共5页
会议地点 Agadir(MA)
作者
Mamdouh Alenezi; Yasir Javed;
展开▼
作者单位

College of Computer Information Sciences, Prince Sultan University Riyadh 11586, Saudi Arabia;

College of Computer Information Sciences, Prince Sultan University Riyadh 11586, Saudi Arabia;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
Security; Malware; Testing; Java; Manuals; Web services;

机译：安全性;恶意软件;测试; Java;手册; Web服务;

相似文献

外文文献
中文文献
专利

1. Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities [J] . Juan R. Bermejo Higuera, Javier Bermejo Higuera, Juan A. Sicilia Montalvo, Computers, Materials & Continua . 2020,第3期

机译：基准测试方法以比较Web应用程序静态分析工具检测OWASP十大安全漏洞
2. The architecture and industry applications of web security in static and dynamic analysis [J] . Raymond Wu, Masayuki Hisada Journal of systems and information technology . 2010,第2期

机译：Web安全在静态和动态分析中的体系结构和行业应用
3. Static and dynamic analysis for web security in industry applications [J] . Raymond Wu, rnMasayuki Hisada International journal of electronic security and digital forensics . 2010,第2期

机译：工业应用中Web安全的静态和动态分析
4. Open source web application security: A static analysis approach [C] . Mamdouh Alenezi, Yasir Javed International Conference on Engineering MIS . 2016

机译：开源Web应用程序安全性：静态分析方法
5. Mitigating Bring Your Own Device Risks by Static Analysis Empowered by Knowledge Graphs from Open Web Application Security Project [D] . Schmeelk, Suzanna. 2020

机译：缓解通过从开放式Web应用程序安全项目的知识图表授权，使您自己的设备风险带来了静态分析
6. Supporting secure programming in web applications through interactive static analysis [O] . Jun Zhu, Jing Xie, Heather Richter Lipford, 2014

机译：通过交互式静态分析支持Web应用程序中的安全编程
7. March 2016 VOLUME 3, ISSUE 3, MARCH 2016 Composite Silicon Solar Cell Efficiency Simulation Study; Sensitivity to the Absorption Coefficients and the Thickness of Intrinsic Absorber Layer V. Tudić, M. Marochini, T. Luke Abstract PDF with Text DOI 10.17148/IARJSET.2016.3301 Molecular Phylogeny of Turbinaria Ornata (Turner) J. Agardh E. Neelamathi and R. Kannan Abstract PDF with Text DOI 10.17148/IARJSET.2016.3302 Human Factors in Aircraft Maintenance Suhas H Begur, Dr J Ashok Babu Abstract PDF with Text DOI 10.17148/IARJSET.2016.3303 Human Factors in Aircraft Maintenance Suhas H Begur, Dr J Ashok Babu Abstract PDF with Text DOI 10.17148/IARJSET.2016.3304 Foliar nutraceutical and antioxidant property of Diospyros lanceifolia Roxb. (Ebenaceae) – An important medicinal plant of Assam, India Dipjyoti Kalita, N. Devi and D. Baishya Abstract PDF with Text DOI 10.17148/IARJSET.2016.3305 Study of Ion Mobility Characteristics and Morphology of some Electrochemically-Synthesised Polypyrroles Danesh Roudini, Peter J. S. Foot Abstract PDF with Text DOI 10.17148/IARJSET.2016.3306 Physico-Chemical Characterization of an Artificial Pond to Control the Eutrophication Process: A Case Study Sameer Al-Asheh, Hani Abu Qdais, Adnan Alquraishi, Osama Husain, Ismail Sadoon Abstract PDF with Text DOI 10.17148/IARJSET.2016.3307 Survey: Recommendation System for Web Portal using Customer Segmentation Neha Badami, Vipul Wakkar, Monica Jain, Devendra Pandit Abstract PDF with Text DOI 10.17148/IARJSET.2016.3308 Web Archiving: Past Present and Future of Evolving Multimedia Legacy Meenakshi Srivastava, Dr. S.K. Singh, Dr. S.Q. Abbas Abstract PDF with Text DOI 10.17148/IARJSET.2016.3309 Labour Contract Management System Kajol Bhutada, Ketaki Kivade, Vishakha Gokhale, Pallavi Bhore, Prof. Shiv Prasad P. Patil Abstract PDF with Text DOI 10.17148/IARJSET.2016.3310 Minimization of Torque Ripple and Multi Quadrant Operation of Direct Torque Control for Three Phase Induction Motor Using Fuzzy Logic Controller P.Ramesh Babu, S. Ramprasath, N.Vijayasarathi Abstract PDF with Text DOI 10.17148/IARJSET.2016.3311 Alert Me: A Real Time Video Surveillance System Implementing IoT D.P Gaikwad, Pooja kumawat, Saurabh Bhalerao, Akhilesh Khalate, Hrishikesh Dongre Abstract PDF with Text DOI 10.17148/IARJSET.2016.3312 Validity, Reliability and Item Analysis of AMAIUB Admission Test Dr. Lina S. Calucag and Dr. Danilo A. Tabalan Abstract PDF with Text DOI 10.17148/IARJSET.2016.3313 Design and Analysis of Track and Hold Circuit for high speed communication Smita D. Waghmare, Dr. U. A. Kshirsagar Abstract PDF with Text DOI 10.17148/IARJSET.2016.3314 Design of Low Power Digitally Operated Voltage Regulator by using CMOS Technology Nikita V. Dhomane, Dr. U. A. Kshirsagar Abstract PDF with Text DOI 10.17148/IARJSET.2016.3315 Automation in Ration Distribution System Rajesh B.Shinde, Prof. A.G. Gaikwad, Prof. Sonali Chincholikar Abstract PDF with Text DOI 10.17148/IARJSET.2016.3316 Use of MnSo4 Sludge as a Partial Replacement for Cement in Concrete Golhar Ankush, Jogdand Mohini, Malvi Ketan, Salunke Swanand, Gorade Swapnil Abstract PDF with Text DOI 10.17148/IARJSET.2016.3317 Ethnobotanical Studies on Medicinal Plant Utilization by the Yanadhi Tribe of Ananthasagaram Mandal, Nellore District, Andhra Pradesh, India K. Sasdhar, P. Brahmajirao and A. Sujith Kumar Abstract PDF with Text DOI 10.17148/IARJSET.2016.3318 Effect of Soil Structure Interaction on the Storey Lateral Displacement of a Multi Storied Building Surya Teja Ch, Sai Kiran T Abstract PDF with Text DOI 10.17148/IARJSET.2016.3319 An Overview of Narcolepsy Touseef Rahman, Omer Farook, Md Belal Bin Heyat, Mohd Maroof Siddiqui Abstract PDF with Text DOI 10.17148/IARJSET.2016.3320 Significance of Air Movement for Thermal Comfort in Educational Buildings, Case Study of a Classroom Geethu Priya, Nagaraju Kaja Abstract PDF with Text DOI 10.17148/IARJSET.2016.3321 A Load Balancing Approach to Minimize the Resource Wastage in Cloud Computing Sachin Soni, Praveen Yadav Abstract PDF with Text DOI 10.17148/IARJSET.2016.3322 Modeling and Simulation of Fluidized Bed Drying of Chickpea S.N. Saha, G.P. Dewangan, R.S. Thakur Abstract PDF with Text DOI 10.17148/IARJSET.2016.3323 Photocatalytic-Ozonation of Textile Dyeing Wastewater using Fixed Catalyst System Rajendiran S, Shriram B, Kanmani S Abstract PDF with Text DOI 10.17148/IARJSET.2016.3324 Mesh less Analysis of Orthotropic Skew Plate under Sinusoidal Line Load Kumari Shipra Suman, Jeeoot Singh Abstract PDF with Text DOI 10.17148/IARJSET.2016.3325 Performance Analysis of 2*2 Dual Frequency Wide Band Circular Patch Antenna Array P. Sai Vinay Kumar, P. Jagadamba, M. N. Giri Prasad Abstract PDF with Text DOI 10.17148/IARJSET.2016.3326 A Multi-Cloud Approach Towards Addressing Security Issues of Cloud: A Survey Kumar M.V, Poornima A. S Abstract PDF with Text DOI 10.17148/IARJSET.2016.3327 Improved Efficiency of Boiler Plant with Different GCV and Carbon Percentage Ishan. P. Bhatt, C.P. Panchal Abstract PDF with Text DOI 10.17148/IARJSET.2016.3328 Industrial Automation using Sensing based Applications for Internet of Things Geetesh Chaudhari, Sudarshan Jadhav, Sandeep Batule, Sandeep Helkar Abstract PDF with Text DOI 10.17148/IARJSET.2016.3329 Assessment of Engineering Students Learning [O] . Hamdia Hmmad Alyazeedi 2016

机译：2016年3月第3卷，第3款，2016年3月复合硅太阳能电池效仿真研究;对吸收系数的敏感性和内在吸收层V.Tudić，M.Marochini，T. Luke摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3301 Turbinaria ornata（特纳）J. Agardh E. Neelamathi和R. Kannan摘要的分子系统PDF与文本 DOI 10.17148 / IARJSET.2016.3302在飞机维修中的人类因素Suhas H Begur，J Ashok Babu摘要博士 PDF与文本 DOI 10.17148 / IARJSET.2016.3303人类因素在飞机维修SUHAS H Begur，J Ashok Babu摘要摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3304叶面植物和抗氧化剂的Diospyros Lancefolia Roxb。（eBenaceae） - 印度Assam的重要药用植物Dipjyoti Kalita，N. Devi和D.Baishya摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3305离子迁移性特性和某些电化学综合的多滤网的形态的研究Danesh Roudini，Peter J. S. Stock PDF与文本 DOI 10.17148 / IARJSET.2016.3306人工池塘的物理化学表征控制富营养化过程：一个案例研究同样的Al-Asheh，Hani Abu Qdais，Adnan Alquraishi，Osama Husain，Ismail Sadoon Abstract PDF与文本 DOI 10.17148 / IARJSET.2016.3307调查显示：Web门户网站推荐系统使用客户细分Neha Badami，vipul Wakkar，Monica Jain，Devendra Pandit摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3308 Web归档：过去的现状和不断发展的多媒体遗产Meenakshi Srivastava，S.K. Singh，S.Q博士。 ABBAS摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3309劳动合同管理系统Kajol Bhutada，Ketaki Kivade，Vishakha Gokhalale，Pallavi Bhore，Shiv Prasad P. Putil摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.310使用模糊逻辑控制器P.RAMESH BABU，S.RAMPRASATH，N.Vijayasarath，N.VijayasArathi摘要，最小化扭矩纹波和三相感应电动机直接扭矩控制的多象限操作。 PDF与文本 DOI 10.17148 / IARJSET.2016.3311提醒我：实时视频监控系统实施物联网D.P Gaikwad，Pooja Kumawat，Saurabh Bhalerao，Akhilesh Khalate，Hrishikesh Dongre摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3312 AMAIB录取测试的有效性，可靠性和物品分析林纳·卡卢格博士和Danilo A. Tabalan摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3313高速通信轨道和保持电路的设计与分析SMITA D. Waghmare，U. A. Kshirsagar摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3314使用CMOS Technology Nikita V. Dhomane的低功耗数字操作电压调节器设计，Dhomane，U. A. Kshirsagar摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3315配给分配系统RAJESH B.Shinde，A.G.GAIKWAD教授，Sonali Chincholikar教授摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3316使用MNSO4污泥作为水泥的局部替代品在混凝土戈霍尔ankush，Jogdand Mohini，Malvi Ketan，Salunke Swanand，Gorade Swapnil摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3317 Zhanthasagaram Mandal，Nellore District，Andhra Pradesh，India K. Sasdhar，P. Brahmajiroao和A.苏公爵Kumar摘要PDF与文本 DOI 10.17148 / IARJSET.2016.318土壤结构互动对多层建筑苏里亚TEJA CH，SAI KIRAN T摘要的楼层横向位移PDF与文本 DOI 10.17148 / IARJSET.2016.3311概述NARCHEPSY TOUTEEF RAHMAN，OMER FAROOK，MD BELAL BIN HEYAT，MOHD Maroof Siddiqui摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.330在教育建筑中热舒适性的空气运动的意义，案例研究麦德鲁普里亚，Nagaraju Kaja摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3321一种负载均衡方法，以最大限度地减少云计算Sachin Soni，前列yadav摘要的资源浪费 PDF与文本 DOI 10.17148 / IARJSET.2016.3322 Chickpea S.N流化床干燥的建模与仿真萨哈，G.P.德湾，R.S. Thakur摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3323光催化纺织染料废水采用固定催化剂系统Rajendiran S，Shriram B，Kanmani S摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3324网眼较少分析正弦偏斜板在正弦线载荷kumari shipra suman，jeeoot singh摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.325 2 * 2双频宽带圆形贴片天线阵列P. Sai Vinay Kumar，P.Jagadamba，M. N.Giri Prasad摘要摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3326一种解决云安全问题的多云方法：Qumar M.V，Poornima A. S Abstract PDF与文本 DOI 10.17148 / IARJSET.2016.3327锅炉厂具有不同GCV和碳百分比的升高效率。 P. Bhatt，C.P. Panchal摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3328工业自动化使用基于传感的应用程序的东西，Geething Chaudhari，Sudarshan Jadhav，Sandeep Batule，Sandeep Helkar摘要 PDF与文本 DOI 10.17148 / IARJSET.2016.3329工程学生学习的评估

Open source web application security: A static analysis approach

摘要

著录项

相似文献

相关主题

期刊订阅