Bibliographic details
| Title: |
STASEC -- ALAT ZA OTKRIVANJE SIGURNOSNIH PROPUSTA WEB APLIKACIJA STATIČKOM ANALIZOM JAVA IZVORNOG KODA. (Croatian) |
| Alternate Title: |
STASEC -- TOOL FOR SECURITY VULNERABILITIES DETECTION IN WEB APPLICATIONS USING STATIC ANALYSIS OF JAVA SOURCE CODE. (English) |
| Authors: |
Vuković, Dijana; Đurić, Zoran |
| Source: |
InfoM; 2011, Issue 39, p26-37, 12p, 2 Black and White Photographs, 9 Diagrams, 4 Charts |
| Keywords: |
WEB services, SOURCE code, JAVA programming language, COMPUTER security, XML (Extensible Markup Language) |
| Abstract (English): |
Web application security has become one of the most important segments of their design and implementation. Most Web applications manipulate sensitive data and, therefore, must be adequately protected from potential attacks. Discovery of security vulnerabilities in Web applications can be done in two ways: static source code analysis and dynamic analysis. Static analysis of source code means testing the application without launching it, by analysing its source code. A common cause of vulnerabilities in Web applications is inappropriate validation of input data. In addition, Web applications can be unreliable in themselves and contain a number of security vulnerabilities; the code of the application itself is considered one of the causes of software unreliability. Using static analysis of Web applications, potential security vulnerabilities can be detected and, thus, the preconditions for their elimination created. There are specially developed tools for static analysis of source code. Existing tools for vulnerability detection using static analysis of source code can be divided into commercial tools and open source tools. Most of the tools offer static analysis of applications written in just one programming language, with a specific set of rules that cannot be expanded. This paper presents STASEC, a tool for security vulnerability detection using static analysis of Java source code. The basic feature of this tool is modularity: the tool can be extended by implementing modules for the analysis of applications written in other programming languages. An XML Schema is defined for storing the rules that the tool uses for static analysis. This allows a simple extension of the rule set used by the tool in the analysis. [ABSTRACT FROM AUTHOR] |
| Abstract (Croatian): |
The security of Web applications has become one of the most important segments of their design and implementation. An increasing number of Web applications handle sensitive data, so Web applications must be adequately protected from potential attacks. Detecting security vulnerabilities in Web applications can be done in two ways: by static analysis of the source code and by dynamic analysis. Static source code analysis means testing the application by analysing its source code, without running it. The most common cause of Web application vulnerabilities is inadequate validation of input data. In addition, the complexity of the application's own code is considered one of the causes of software unreliability. Static analysis of Web applications makes it possible to discover potential security vulnerabilities and thus create the preconditions for their elimination. Purpose-built tools are usually used for static source code analysis. Existing tools for detecting security vulnerabilities by static source code analysis can be divided into commercial tools and open source tools. Most tools offer static analysis of applications written in a particular programming language, against a particular set of rules that cannot be extended. This paper presents STASEC, a tool for detecting security vulnerabilities by static analysis of Java source code. The main characteristics of this tool are a high security vulnerability detection rate and modularity. By implementing modules for analysing applications written in other programming languages, the tool can easily be extended. The rules the tool uses in static analysis are defined by an XML Schema. This makes it simple to extend the set of rules the tool uses in the analysis. [ABSTRACT FROM AUTHOR] |
Copyright of InfoM is the property of Belgrade University, Faculty of Organizational Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) |
| Database: |
Complementary Index |