Research on Vulnerability Detection for Software Based on Taint Analysis

Abstract:

At present, Cross-Site Scripting (XSS) vulnerabilities exist in most web sites. The main reason is the lack of effective validation and filtering mechanisms for user input data from web requests. This paper explores a vulnerability detection method based on taint dependence analysis and implements a prototype system for Java Web programs. We treat all user input as tainted data and track its flow through the Web application, then judge whether it will trigger an attack. The taint dependence analysis algorithm presented in this paper is used to construct the taint dependency graph. Next, a value representation method for tainted string objects based on finite state automata is discussed. Finally, we propose the vulnerability detection method for the program. The experimental results show that the prototype system can detect reflected cross-site scripting vulnerabilities well in programs that don't have effective treatment for user input data.

Pages:

3715-3720

Online since:

August 2013

Copyright:

© 2013 Trans Tech Publications Ltd. All Rights Reserved
