Detecting and Removing Vulnerabilities in Web Applications using Data Mining and Static Analysis


Authors : Sachin Wakurdekar, Pratish Mishra, Piyush Narang, Rishabh Aggarwal, Aditi, Rohit Gupta.

Volume/Issue : Volume 3 - 2018, Issue 3 - March

Google Scholar : https://goo.gl/DF9R4u

Scribd : https://goo.gl/9RdSP8

Thomson Reuters ResearcherID : https://goo.gl/3bkzwv

Abstract : With the advent of new technologies and applications, the web today is expanding faster than ever. Web application security has been an important subject of research in the last few years, yet it remains a challenging problem. The issues arise from vulnerable source code written in unsafe languages like PHP. Using static analysis over the source code, we can detect the input vulnerabilities in a web application. However, static analysis of the source code often creates false positives, and it takes a lot of effort to fix the code. In this paper, we describe an approach to detecting vulnerabilities in web applications with fewer false positives. With the help of data mining, we remove the false positives generated. We then perform automated code correction by embedding fixes in the source code. Afterwards, testing techniques such as regression testing are used to ensure that the corrected code runs correctly and that the points of vulnerability are removed. We implement this approach with the help of a WAP instrument. Finally, we perform a trial assessment on numerous web applications with PHP source code to guarantee the accuracy of our software.

Keywords : Vulnerabilities, Static Analysis, Data mining, False Positives.
