Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining

Although a large research effort on web application security has been going on for more than a decade, the security of web applications continues to be a challenging problem. An important part of that problem derives from vulnerable source code, often written in unsafe languages like PHP. Source code static analysis tools are a solution to find vulnerabilities, but they tend to generate false positives, and require considerable effort for programmers to manually fix the code. We explore the use of a combination of methods to discover vulnerabilities in source code with fewer false positives. We combine taint analysis, which finds candidate vulnerabilities, with data mining, to predict the existence of false positives. This approach brings together two approaches that are apparently orthogonal: humans coding the knowledge about vulnerabilities (for taint analysis), joined with the seemingly orthogonal approach of automatically obtaining that knowledge (with machine learning, for d...
Added 11 Apr 2016
Updated 11 Apr 2016
Type Journal
Year 2016
Where TR
Authors Iberia Medeiros, Nuno Ferreira Neves, Miguel Correia