demonstration

Automatically fixing security vulnerabilities in Java code

Authors:

Aharon Abadi,

Ran Ettinger,

Yishai A. Feldman,

Mati ShomratAuthors Info & Claims

OOPSLA '11: Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion

Pages 3 - 4

https://doi.org/10.1145/2048147.2048149

Published: 22 October 2011 Publication History

Get Access

Abstract

Most kinds of security vulnerabilities in web applications can be fixed by adding appropriate sanitization methods. Finding the correct place for the sanitizers can be difficult due to complicated data and control flow. Fixing SQL injection vulnerabilities may require more complex transformations, such as replacing uses of Statement by PreparedStatement, which could include some code motion.

We have developed algorithms to place sanitizers correctly, as well as to transform Statement to PreparedStatement. These have been implemented as "quick fixes" in an Eclipse plugin that works together with a commercial tool that discovers security vulnerabilities in web applications.

Reference

[1]

A. Abadi, Y. A. Feldman, and M. Shomrat. Code-motion for API migration: Fixing SQL injection vulnerabilities in Java. In Proc. Fourth Workshop on Refactoring Tools, May 2011.

Digital Library

Google Scholar

Cited By

View all

Papotti AParamitha RMassacci F(2024)On the acceptance by code reviewers of candidate security patches suggested by Automated Program Repair toolsEmpirical Software Engineering10.1007/s10664-024-10506-z29:5Online publication date: 3-Aug-2024
https://doi.org/10.1007/s10664-024-10506-z
Bui QParamitha RVu DMassacci FScandariato R(2023)APR4Vul: an empirical study of automatic program repair techniques on real-world Java vulnerabilitiesEmpirical Software Engineering10.1007/s10664-023-10415-729:1Online publication date: 6-Dec-2023
https://dl.acm.org/doi/10.1007/s10664-023-10415-7
Berlin MMargalit OWeiss G(2021)DepthStAr: Deep Strange Arguments DetectionCyber Security Cryptography and Machine Learning10.1007/978-3-030-78086-9_5(71-85)Online publication date: 1-Jul-2021
https://doi.org/10.1007/978-3-030-78086-9_5
Show More Cited By

Index Terms

Automatically fixing security vulnerabilities in Java code
1. Software and its engineering
  1. Software creation and management
    1. Software post-development issues
      1. Software reverse engineering

Recommendations

Security Vulnerabilities of SGX and Countermeasures: A Survey
Invited Tutorial

Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of ...
Security vulnerabilities and mitigation techniques of web applications
SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

Web applications contain vulnerabilities, which may lead to serious security breaches such as stealing of confidential information. To protect against security breaches, it is necessary to understand the detailed steps of attacks and the pros and cons ...
Matching attack patterns to security vulnerabilities in software-intensive system designs

Fortifying software applications from attack is often an effort that occurs late in the software development process. Applying patches to fix vulnerable applications in the field is a common approach to securing applications. Abstract representations of ...

Comments

Information & Contributors

Information

Published In

OOPSLA '11: Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion

October 2011

360 pages

ISBN:9781450309424

DOI:10.1145/2048147

General Chair:
Cristina Videira Lopes
University of California, Irvine, USA
,
Program Chair:
Kathleen Fisher
Tufts University, USA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 October 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Demonstration

Conference

SPLASH '11

Sponsor:

SIGPLAN

SPLASH '11: Conference on Systems, Programming, and Applications: Software for Humanity

October 22 - 27, 2011

Oregon, Portland, USA

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
316
Total Downloads

Downloads (Last 12 months)30
Downloads (Last 6 weeks)2

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Papotti AParamitha RMassacci F(2024)On the acceptance by code reviewers of candidate security patches suggested by Automated Program Repair toolsEmpirical Software Engineering10.1007/s10664-024-10506-z29:5Online publication date: 3-Aug-2024
https://doi.org/10.1007/s10664-024-10506-z
Bui QParamitha RVu DMassacci FScandariato R(2023)APR4Vul: an empirical study of automatic program repair techniques on real-world Java vulnerabilitiesEmpirical Software Engineering10.1007/s10664-023-10415-729:1Online publication date: 6-Dec-2023
https://dl.acm.org/doi/10.1007/s10664-023-10415-7
Berlin MMargalit OWeiss G(2021)DepthStAr: Deep Strange Arguments DetectionCyber Security Cryptography and Machine Learning10.1007/978-3-030-78086-9_5(71-85)Online publication date: 1-Jul-2021
https://doi.org/10.1007/978-3-030-78086-9_5
Gazzola LMicucci DMariani L(2019)Automatic Software RepairIEEE Transactions on Software Engineering10.1109/TSE.2017.275501345:1(34-67)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1109/TSE.2017.2755013

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

Reference

Cited By

Index Terms

Recommendations

Security Vulnerabilities of SGX and Countermeasures: A Survey

Security vulnerabilities and mitigation techniques of web applications

Matching attack patterns to security vulnerabilities in software-intensive system designs

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations