intTypePromotion=1

Supporting secure programming in web applications through interactive static analysis

Chia sẻ: Thamoioii Thamoioii | Ngày: | Loại File: PDF | Số trang:14

0
27
lượt xem
0
download

Supporting secure programming in web applications through interactive static analysis

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Chủ đề:
Lưu

Nội dung Text: Supporting secure programming in web applications through interactive static analysis

ADSENSE
ADSENSE

CÓ THỂ BẠN MUỐN DOWNLOAD

 

Đồng bộ tài khoản
2=>2