Abstract
Web application development is error prone and results in applications that are vulnerable to attacks by malicious users. The global accessibility of Web applications makes this an extremely serious problem. According to the Open Web Application Security Project (OWASP)'s top ten list, which identifies the most serious web application vulnerabilities, two of the top three vulnerabilities in 2007 [84] were: (1) Cross Site Scripting (XSS) and (2) Injection Flaws (such as SQL Injection). Even after it had been widely reported that web applications suffer from these vulnerabilities, XSS and SQL Injection remained among the top three vulnerabilities in OWASP's top ten lists of 2010 [85] and 2013 [86].
References
Thomas H. Cormen, Charles E. Leiserson, and Ronald L. Rivest. Introduction to Algorithms. MIT Press, 1990.
John E. Hopcroft, Rajeev Motwani, and Jeffrey D. Ullman. Introduction to Automata Theory, Languages, and Computation (3rd Edition). Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2006.
OWASP. Top 10 2007. https://www.owasp.org/index.php/Top_10_2007.
OWASP. Top 10 2010. https://www.owasp.org/index.php/Top_10_2010-Main.
OWASP. Top 10 2013. https://www.owasp.org/index.php/Top_10_2013-T10.
Fang Yu, Muath Alkhalaf, and Tevfik Bultan. Patching vulnerabilities with sanitization synthesis. In Proceedings of the 33rd International Conference on Software Engineering (ICSE), pages 251–260, 2011.
Copyright information
© 2017 Springer International Publishing AG
Bultan, T., Yu, F., Alkhalaf, M., Aydin, A. (2017). Vulnerability Detection and Sanitization Synthesis. In: String Analysis for Software Verification and Security. Springer, Cham. https://doi.org/10.1007/978-3-319-68670-7_8
DOI: https://doi.org/10.1007/978-3-319-68670-7_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68668-4
Online ISBN: 978-3-319-68670-7
eBook Packages: Computer Science (R0)