Distinguishing and Erasing Web Application Vulnerabilities with Static Analysis and DataMining

Tentu Rama Chandra Rao, I. Srinivasa Rao


In spite of the fact that a huge research exertion on web application security has been continuing for over 10 years, the security of web applications keeps on being a testing issue. A critical piece of that issue gets from powerless source code, frequently written in risky dialects like PHP. Source code static investigation instruments are an answer for discover vulnerabilities, yet they have a tendency to create false positives, and require extensive exertion for software engineers to physically settle the code. We investigate the utilization of a blend of techniques to find vulnerabilities in source code with less false positives. We join pollute examination, which discovers applicant vulnerabilities, with information mining, to anticipate the presence of false positives. This approach unites two methodologies that are obviously orthogonal: people coding the information about vulnerabilities (for pollute examination), joined with the apparently orthogonal approach of consequently acquiring that information (with machine learning, for information mining). Given this improved type of recognition, we propose doing programmed code revision by embeddings settles in the source code. Our approach was actualized in the WAP instrument, and an exploratory assessment was performed with a substantial arrangement of PHP applications. Our device discovered 388 vulnerabilities in 1.4 million lines of code. Its exactness and accuracy were around 5% superior to PhpMinerII's and 45% superior to Pixy's.

Full Text:


Copyright (c) 2017 Edupedia Publications Pvt Ltd

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.


All published Articles are Open Access at  https://journals.pen2print.org/index.php/ijr/ 

Paper submission: ijr@pen2print.org