Authors :
Sachin Wakurdekar, Pratish Mishra, Piyush Narang, RishabhAggarwal, Aditi, Rohit Gupta.
Volume/Issue :
Volume 3 - 2018, Issue 3 - March
Google Scholar :
https://goo.gl/DF9R4u
Scribd :
https://goo.gl/9RdSP8
Thomson Reuters ResearcherID :
https://goo.gl/3bkzwv
Abstract :
With the advent of new technologies and applications, the web today is expanding faster than ever. Web application security has been an important subject of research in the last few years, yet it still remains a challenging problem. The issues arise due tovulnerable source codes that are written in unsafe languages like PHP. With the use of static analysis over the source code, we can detect the input vulnerabilities in the web application. However, the static analysis of the source code often create false positives, and it takes a lot of effort to fix the code. Through our paper, we delve into the approach of detecting vulnerabilities of the web application, but with lesser false positives. With the help of data mining, we remove the false positives generated. Here we will do programmed code amendment by embedding fixes in the source code. Afterwards diverse testing techniques like regression testing will be used to ensure if the code after rectification runs correctly and the points of vulnerability are removed. We materialize our research and this approach with the help of a WAP instrument. Consequently, we perform a trial assessment on numerous web applications with PHP source code to guarantee the accuracy of our software.
Keywords :
Vulnerabilities, Static Analysis, Data mining, False Positives.
With the advent of new technologies and applications, the web today is expanding faster than ever. Web application security has been an important subject of research in the last few years, yet it still remains a challenging problem. The issues arise due tovulnerable source codes that are written in unsafe languages like PHP. With the use of static analysis over the source code, we can detect the input vulnerabilities in the web application. However, the static analysis of the source code often create false positives, and it takes a lot of effort to fix the code. Through our paper, we delve into the approach of detecting vulnerabilities of the web application, but with lesser false positives. With the help of data mining, we remove the false positives generated. Here we will do programmed code amendment by embedding fixes in the source code. Afterwards diverse testing techniques like regression testing will be used to ensure if the code after rectification runs correctly and the points of vulnerability are removed. We materialize our research and this approach with the help of a WAP instrument. Consequently, we perform a trial assessment on numerous web applications with PHP source code to guarantee the accuracy of our software.
Keywords :
Vulnerabilities, Static Analysis, Data mining, False Positives.