scholarly journals Automated server-side model for recognition of security vulnerabilities in scripting languages

2020 ◽  
Vol 10 (6) ◽  
pp. 6061
Author(s):  
Rabab F. Abdel-Kader ◽  
Mona Nashaat ◽  
Mohamed I. Habib ◽  
Hani M. K. Mahdi
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Security Level ◽  
Analysis Tool ◽  
Analysis Model ◽  
Security Vulnerabilities ◽  
Code Analysis ◽  
Scripting Languages ◽  
Static Code Analysis ◽  
Proposed Model

With the increase of global accessibility of web applications, maintaining a reasonable security level for both user data and server resources has become an extremely challenging issue. Therefore, static code analysis systems can help web developers to reduce time and cost. In this paper, a new static analysis model is proposed. This model is designed to discover the security problems in scripting languages. The proposed model is implemented in a prototype SCAT, which is a static code analysis Tool. SCAT applies the phases of the proposed model to catch security vulnerabilities in PHP 5.3. Empirical results attest that the proposed prototype is feasible and is able to contribute to the security of real-world web applications. SCAT managed to detect 94% of security vulnerabilities found in the testing benchmarks; this clearly indicates that the proposed model is able to provide an effective solution to complicated web systems by offering benefits of securing private data for users and maintaining web application stability for web applications providers.

scholarly journals Vulnerability Scanning Technology on Web Applications

2021 ◽  
Vol 9 (VI) ◽  
pp. 991-995
Author(s):  
Aarushi Dwivedi
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Daily Life ◽  
Modern Society ◽  
Security Level ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Vulnerability Scanner ◽  
Cross Site

Modern society is far more dependent on web applications than the previous generations. Even though our dependence is increasing rapidly, the security level is far lower than required. To guarantee the security of the data system in the industry and our daily life, it is especially crucial to find out web application security vulnerabilities quickly and accurately. A vulnerability is a state of being unprotected from the prospect of an attack. It permits an attacker to gain a certain level of command of the site, and possibly the hosting server. One such vulnerability is the cross-site scripting vulnerability. In this exposition, a generic vulnerability scanner is proposed which can be customized to find any number of vulnerabilities. The scanner maps out the website and gives a report of all the vulnerabilities. For the purpose of evaluation, it has been customized to find XSS vulnerability in web applications.

scholarly journals ENHANCED ONLINE BOOK STORE MODEL: ADOPTING THE PROGRESSIVE WEB APPLICATION (PWA) TECHNOLOGY

2020 ◽  
Vol 9 (9) ◽  
pp. 1-8
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Research Work ◽  
Business Owners ◽  
Proposed Model ◽  
Book Store ◽  
Architectural Framework ◽  
Mobile Development ◽  
Online Book

From the physical book store to the online bookstore, business owners find a way to meet the demands of their prospective customers. The daily advancement in technology has brought about a huge change the operation of e-commerce. The development of the Progressive Web Applications (PWA) by Google has caused a revolution in mobile development. Using an online bookstore as a case study, this research work presents a PWA architectural framework that can be adopted by any e-commerce applications. This was achieved after a systematic review of existing online bookstore models was carried out – identifying the gaps which will serve as strengths for the proposed model. Also, the emerging technology of PWA was critically reviewed to solidify the proposed model. Adoption of the model will avoid current issues faced the world of mobile development especially code fragmentation. However, exploring the payment gateways and modules will help solidify the model.

Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps

2018 ◽  
pp. 1121-1147
Author(s):  
Marco Pistoia ◽  
Omer Tripp ◽  
David Lubensky
Keyword(s):  
Machine Learning ◽  
Static Analysis ◽  
Private Information ◽  
Program Analysis ◽  
Mobile Applications ◽  
Mobile Apps ◽  
Security Vulnerabilities ◽  
Code Analysis ◽  
Analysis Tools ◽  
Static Code Analysis

Mobile devices have revolutionized many aspects of our lives. Without realizing it, we often run on them programs that access and transmit private information over the network. Integrity concerns arise when mobile applications use untrusted data as input to security-sensitive computations. Program-analysis tools for integrity and confidentiality enforcement have become a necessity. Static-analysis tools are particularly attractive because they do not require installing and executing the program, and have the potential of never missing any vulnerability. Nevertheless, such tools often have high false-positive rates. In order to reduce the number of false positives, static analysis has to be very precise, but this is in conflict with the analysis' performance and scalability, requiring a more refined model of the application. This chapter proposes Phoenix, a novel solution that combines static analysis with machine learning to identify programs exhibiting suspicious operations. This approach has been widely applied to mobile applications obtaining impressive results.

Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps

2017 ◽  
pp. 68-94
Author(s):  
Marco Pistoia ◽  
Omer Tripp ◽  
David Lubensky
Keyword(s):  
Machine Learning ◽  
Static Analysis ◽  
Private Information ◽  
Program Analysis ◽  
Mobile Applications ◽  
Mobile Apps ◽  
Security Vulnerabilities ◽  
Code Analysis ◽  
Analysis Tools ◽  
Static Code Analysis

Mobile devices have revolutionized many aspects of our lives. Without realizing it, we often run on them programs that access and transmit private information over the network. Integrity concerns arise when mobile applications use untrusted data as input to security-sensitive computations. Program-analysis tools for integrity and confidentiality enforcement have become a necessity. Static-analysis tools are particularly attractive because they do not require installing and executing the program, and have the potential of never missing any vulnerability. Nevertheless, such tools often have high false-positive rates. In order to reduce the number of false positives, static analysis has to be very precise, but this is in conflict with the analysis' performance and scalability, requiring a more refined model of the application. This chapter proposes Phoenix, a novel solution that combines static analysis with machine learning to identify programs exhibiting suspicious operations. This approach has been widely applied to mobile applications obtaining impressive results.

On the Use of Generative Deep Learning Approaches for Generating Hidden Test Scripts

2021 ◽  
Vol 31 (10) ◽  
pp. 1447-1468
Author(s):  
Mert Oz ◽  
Caner Kaya ◽  
Erdi Olmezogullari ◽  
Mehmet S. Aktas
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Short Term Memory ◽  
Learning Approaches ◽  
Generation Task ◽  
Clickstream Data ◽  
Test Script ◽  
Proposed Model ◽  
Action Sequences ◽  
Lstm Network

With the advent of web 2.0, web application architectures have been evolved, and their complexity has grown enormously. Due to the complexity, testing of web applications is getting time-consuming and intensive process. In today’s web applications, users can achieve the same goal by performing different actions. To ensure that the entire system is safe and robust, developers try to test all possible user action sequences in the testing phase. Since the space of all the possibilities is enormous, covering all user action sequences can be impossible. To automate the test script generation task and reduce the space of the possible user action sequences, we propose a novel method based on long short-term memory (LSTM) network for generating test scripts from user clickstream data. The experiment results clearly show that generated hidden test sequences are user-like sequences, and the process of generating test scripts with the proposed model is less time-consuming than writing them manually.

scholarly journals Static analysis for discovering IoT vulnerabilities

2020 ◽  
Author(s):  
Pietro Ferrara ◽  
Amit Kr Mandal ◽  
Agostino Cortesi ◽  
Fausto Spoto
Keyword(s):  
Static Analysis ◽  
Web Application ◽  
Web Applications ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Robust Solution ◽  
Representative Case ◽  
Application Security ◽  
Industrial Analyzer ◽  
The Relationship

AbstractThe Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies.

Sign in / Sign up

Export Citation Format

Share Document