On the automation of vulnerabilities fixing for web application
Testing Web applications for detection and fixing of vulnerabilities has become an indispensable task in web applications’ development process. This task often consumes a lot of time, efforts and other resources. The research community have devoted considerable amount of efforts to address this prob...
Main Authors: | , , , , |
---|---|
Format: | Conference or Workshop Item |
Language: | English |
Published: |
2014
|
Online Access: | http://psasir.upm.edu.my/id/eprint/38901/1/38901.pdf |
_version_ | 1796973433768116224 |
---|---|
author | Umar, Kabir Md Sultan, Abu Bakar Zulzalil, Hazura Admodisastro, Novia Abdullah @ Selimun, Mohd Taufik |
author_facet | Umar, Kabir Md Sultan, Abu Bakar Zulzalil, Hazura Admodisastro, Novia Abdullah @ Selimun, Mohd Taufik |
author_sort | Umar, Kabir |
collection | UPM |
description | Testing Web applications for detection and fixing of vulnerabilities has become an indispensable task in web applications’ development process. This task often consumes a lot of time, efforts and other resources. The research community have devoted considerable amount of efforts to address this problem by proposing many techniques for automated vulnerabilities detection and fix generation for web application. Many of these techniques can reliably detect vulnerabilities and generate fix(es), which can be applied to the web application’s code, by the developer, for possible fixing of the vulnerabilities. Hence, the actual code modifications that fix the vulnerabilities is not automated and has to be carried out manually. To the best of our knowledge, none of the existing automated techniques is able to do this, and hence the actual fixing of the vulnerabilities is left for the human developer to handle. In this paper, we propose a novel framework for automatic vulnerabilities fixing for web application. We mimic evolutionary idea and employ Evolutionary Programming to evolve web applications whose fitness is evaluated based on their ability to survive test attacks. The reliability of the resulting vulnerabilities-free web application can be further enhanced by co-evolving test sets with generations of web applications in which the fitness of test attack is evaluated based on its ability to break web applications. |
first_indexed | 2024-03-06T08:42:35Z |
format | Conference or Workshop Item |
id | upm.eprints-38901 |
institution | Universiti Putra Malaysia |
language | English |
last_indexed | 2024-03-06T08:42:35Z |
publishDate | 2014 |
record_format | dspace |
spelling | upm.eprints-389012016-06-08T08:31:10Z http://psasir.upm.edu.my/id/eprint/38901/ On the automation of vulnerabilities fixing for web application Umar, Kabir Md Sultan, Abu Bakar Zulzalil, Hazura Admodisastro, Novia Abdullah @ Selimun, Mohd Taufik Testing Web applications for detection and fixing of vulnerabilities has become an indispensable task in web applications’ development process. This task often consumes a lot of time, efforts and other resources. The research community have devoted considerable amount of efforts to address this problem by proposing many techniques for automated vulnerabilities detection and fix generation for web application. Many of these techniques can reliably detect vulnerabilities and generate fix(es), which can be applied to the web application’s code, by the developer, for possible fixing of the vulnerabilities. Hence, the actual code modifications that fix the vulnerabilities is not automated and has to be carried out manually. To the best of our knowledge, none of the existing automated techniques is able to do this, and hence the actual fixing of the vulnerabilities is left for the human developer to handle. In this paper, we propose a novel framework for automatic vulnerabilities fixing for web application. We mimic evolutionary idea and employ Evolutionary Programming to evolve web applications whose fitness is evaluated based on their ability to survive test attacks. The reliability of the resulting vulnerabilities-free web application can be further enhanced by co-evolving test sets with generations of web applications in which the fitness of test attack is evaluated based on its ability to break web applications. 2014 Conference or Workshop Item NonPeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/38901/1/38901.pdf Umar, Kabir and Md Sultan, Abu Bakar and Zulzalil, Hazura and Admodisastro, Novia and Abdullah @ Selimun, Mohd Taufik (2014) On the automation of vulnerabilities fixing for web application. In: The 9th International Conference on Software Engineering Advances (ICSEA 2014), 12-16 Oct. 2014, Nice, France. (pp. 221-226). http://www.thinkmind.org/download.php?articleid=icsea_2014_9_20_10088 |
spellingShingle | Umar, Kabir Md Sultan, Abu Bakar Zulzalil, Hazura Admodisastro, Novia Abdullah @ Selimun, Mohd Taufik On the automation of vulnerabilities fixing for web application |
title | On the automation of vulnerabilities fixing for web application |
title_full | On the automation of vulnerabilities fixing for web application |
title_fullStr | On the automation of vulnerabilities fixing for web application |
title_full_unstemmed | On the automation of vulnerabilities fixing for web application |
title_short | On the automation of vulnerabilities fixing for web application |
title_sort | on the automation of vulnerabilities fixing for web application |
url | http://psasir.upm.edu.my/id/eprint/38901/1/38901.pdf |
work_keys_str_mv | AT umarkabir ontheautomationofvulnerabilitiesfixingforwebapplication AT mdsultanabubakar ontheautomationofvulnerabilitiesfixingforwebapplication AT zulzalilhazura ontheautomationofvulnerabilitiesfixingforwebapplication AT admodisastronovia ontheautomationofvulnerabilitiesfixingforwebapplication AT abdullahselimunmohdtaufik ontheautomationofvulnerabilitiesfixingforwebapplication |