Vulnerability Detection and Sanitization Synthesis

  • Chapter
String Analysis for Software Verification and Security

Abstract

Web application development is error-prone and results in applications that are vulnerable to attacks by malicious users. The global accessibility of Web applications makes this an extremely serious problem. According to the Open Web Application Security Project (OWASP)’s top ten list that identifies the most serious web application vulnerabilities, the top three vulnerabilities in 2007 [84] were: (1) Cross Site Scripting (XSS) and (2) Injection Flaws (such as SQL Injection). Even after it has been widely reported that web applications suffer from these vulnerabilities, XSS and SQL Injection vulnerabilities remained among the top three vulnerabilities listed in OWASP’s top ten list in 2010 [85] and 2013 [86].

References

  1. Thomas H. Cormen, Charles E. Leiserson, and Ronald L. Rivest. Introduction to Algorithms. MIT Press, 1990.

  2. John E. Hopcroft, Rajeev Motwani, and Jeffrey D. Ullman. Introduction to Automata Theory, Languages, and Computation (3rd Edition). Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2006.

  3. OWASP. Top 10 2007. https://www.owasp.org/index.php/Top_10_2007.

  4. OWASP. Top 10 2010. https://www.owasp.org/index.php/Top_10_2010-Main.

  5. OWASP. Top 10 2013. https://www.owasp.org/index.php/Top_10_2013-T10.

  6. Fang Yu, Muath Alkhalaf, and Tevfik Bultan. Patching vulnerabilities with sanitization synthesis. In Proceedings of the 33rd International Conference on Software Engineering (ICSE), pages 251–260, 2011.

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Bultan, T., Yu, F., Alkhalaf, M., Aydin, A. (2017). Vulnerability Detection and Sanitization Synthesis. In: String Analysis for Software Verification and Security. Springer, Cham. https://doi.org/10.1007/978-3-319-68670-7_8

  • DOI: https://doi.org/10.1007/978-3-319-68670-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68668-4

  • Online ISBN: 978-3-319-68670-7

  • eBook Packages: Computer Science, Computer Science (R0)
