Partitioners Track: Generating Security Vulnerabilities in Source Code

نویسنده

Felix Schuckert

چکیده

This paper describes a framework, which modifies existing source code to generate security issues. An example plugin for generating SQL injection in Java source code is described. The generation process is based on static code analysis techniques like dataflow analysis and abstract syntax trees. The framework is evaluated with the help of Java projects from GitHub. One modified project was successfully used in a capture the flag event as a challenge.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Efficient Design of Static Analysis Tool for Detecting Web Vulnerabilities

The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error prone and costly, the need for automated solutions has become evident. Many web applications written in ASP suffer from injection vulnerabil...

متن کامل

Rule-Based Source-Code Analysis For Detecting Security Vulnerabilities

Many security vulnerabilities related to source code have simple syntactic patterns or flow patterns that can be described as rules. In this paper, we propose a rule description language, RDL, in which we can specify simple syntactic patterns and data-flow and control-flow patterns that possibly lead to security vulnerabilities. We then introduce a universal static detector that can find the lo...

متن کامل

Standardizing Source Code Security Audits

A source code security audit is a powerful methodology for locating and removing security vulnerabilities. An audit can be used to (1) pass potentially prioritized list of vulnerabilities to developers (2) exploit vulnerabilities or (3) provide proof-of-concepts for potential vulnerabilities. The security audit research currently remains disjoint with minor discussion of methodologies utilized ...

متن کامل

Identification and Removal of Software Security Vulnerabilities using Source Code Analysis: A Case Study on a Java File Writer Program with Password Validation Features

We illustrate the use of source code analysis to identify and remove the following software security vulnerabilities: (i) Hardcoded Password, (ii) Empty Password Initialization, (iii) Denial of Service, (iv) System Information Leak, (v) Unreleased Resource and (vi) Path Manipulation. We propose one or more solution approaches to remove or at least mitigate each of these vulnerabilities that hav...

متن کامل

Clonewise – Automatically Detecting Package Clones and Inferring Security Vulnerabilities

Developers sometimes statically link libraries from other projects, maintain an internal copy of other software or fork development of an existing project. This practice can lead to software vulnerabilities when the embedded code is not kept up to date with upstream sources. As a result, manual techniques have been applied by Linux vendors to track embedded code and identify vulnerabilities. We...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2016

Partitioners Track: Generating Security Vulnerabilities in Source Code

نویسنده

چکیده

منابع مشابه

Efficient Design of Static Analysis Tool for Detecting Web Vulnerabilities

Rule-Based Source-Code Analysis For Detecting Security Vulnerabilities

Standardizing Source Code Security Audits

Identification and Removal of Software Security Vulnerabilities using Source Code Analysis: A Case Study on a Java File Writer Program with Password Validation Features

Clonewise – Automatically Detecting Package Clones and Inferring Security Vulnerabilities

عنوان ژورنال:

اشتراک گذاری