Finding Security Vulnerabilities in Java Web Applications with Test Generation and Dynamic Taint Analysis

  • Conference paper
Proceedings of the 2011 2nd International Congress on Computer Applications and Computational Science

Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 145))

Abstract

This paper investigates how to combine techniques of static and dynamic analysis for finding security vulnerabilities in Java web applications. We present a hybrid analyzer that employs test case generation and dynamic taint analysis to achieve the goal of no false negatives and reduced false positives.

Corresponding author

Correspondence to Yu-Yu Huang .

Copyright information

© 2012 Springer-Verlag GmbH Berlin Heidelberg

About this paper

Cite this paper

Huang, YY., Chen, K., Chiang, SL. (2012). Finding Security Vulnerabilities in Java Web Applications with Test Generation and Dynamic Taint Analysis. In: Gaol, F., Nguyen, Q. (eds) Proceedings of the 2011 2nd International Congress on Computer Applications and Computational Science. Advances in Intelligent and Soft Computing, vol 145. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28308-6_18

  • DOI: https://doi.org/10.1007/978-3-642-28308-6_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28307-9

  • Online ISBN: 978-3-642-28308-6

  • eBook Packages: Engineering (R0)