Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routi...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Conference Paper |
| Language: | English |
| Published: |
2013
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/99523 http://hdl.handle.net/10220/12857 |
| _version_ | 1826113014126870528 |
|---|---|
| author | Shar, Lwin Khin Tan, Hee Beng Kuan |
| author2 | School of Electrical and Electronic Engineering |
| author_facet | School of Electrical and Electronic Engineering Shar, Lwin Khin Tan, Hee Beng Kuan |
| author_sort | Shar, Lwin Khin |
| collection | NTU |
| description | Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our proposed attributes are important indicators of such vulnerabilities. |
| first_indexed | 2024-10-01T03:16:33Z |
| format | Conference Paper |
| id | ntu-10356/99523 |
| institution | Nanyang Technological University |
| language | English |
| last_indexed | 2024-10-01T03:16:33Z |
| publishDate | 2013 |
| record_format | dspace |
| spelling | ntu-10356/995232020-03-07T13:24:49Z Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities Shar, Lwin Khin Tan, Hee Beng Kuan School of Electrical and Electronic Engineering International Conference on Software Engineering (34th : 2012 : Zurich, Switzerland) DRNTU::Engineering::Electrical and electronic engineering Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our proposed attributes are important indicators of such vulnerabilities. 2013-08-02T03:36:37Z 2019-12-06T20:08:21Z 2013-08-02T03:36:37Z 2019-12-06T20:08:21Z 2012 2012 Conference Paper https://hdl.handle.net/10356/99523 http://hdl.handle.net/10220/12857 10.1109/ICSE.2012.6227096 en |
| spellingShingle | DRNTU::Engineering::Electrical and electronic engineering Shar, Lwin Khin Tan, Hee Beng Kuan Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities |
| title | Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities |
| title_full | Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities |
| title_fullStr | Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities |
| title_full_unstemmed | Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities |
| title_short | Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities |
| title_sort | mining input sanitization patterns for predicting sql injection and cross site scripting vulnerabilities |
| topic | DRNTU::Engineering::Electrical and electronic engineering |
| url | https://hdl.handle.net/10356/99523 http://hdl.handle.net/10220/12857 |
| work_keys_str_mv | AT sharlwinkhin mininginputsanitizationpatternsforpredictingsqlinjectionandcrosssitescriptingvulnerabilities AT tanheebengkuan mininginputsanitizationpatternsforpredictingsqlinjectionandcrosssitescriptingvulnerabilities |