
Static Code Analyzer for Detecting Web Application Vulnerability Using Control Flow Graphs



Abstract

Errors are made during software development. In web applications, such errors can lead to security vulnerabilities that end in exploitation or information security incidents. Programmers later fix these errors. Since vulnerabilities recur and resemble one another, vulnerability patterns can be extracted and used to detect vulnerabilities in later code. Control flow graphs, as one representation of software execution, can serve as the representation from which those patterns are extracted. In our approach, control flow graphs of the vulnerable and the fixed code are constructed and compared to find their difference. Using the difference between the vulnerable and fixed versions' control flow graphs, the subgraphs that lead to the security vulnerability can be identified. These subgraphs are then generalized with predefined rules in order to eliminate code-specific functions and variables. The resulting subgraphs can be used as patterns to find security vulnerabilities in other code. After experimenting with different ways of comparing against the vulnerability pattern, comparing the similarity values of the scanned code to both the vulnerable and the fixed model yields the best result, with 46% accuracy and 50% recall using unoptimized graph generalization.
