
Authors: Ricardo Morgado; Ibéria Medeiros and Nuno Neves

Affiliation: LASIGE, Faculty of Sciences, University of Lisboa, Portugal

Keyword(s): Web Application Vulnerabilities, Static Analysis, Code Correction, Software Security.

Abstract: Web applications are commonly used to provide access to the services and resources offered by companies. However, they are known to contain vulnerabilities in their source code, which, when exploited, can cause serious damage to organizations, such as the theft of millions of user credentials. For this reason, it is crucial to protect critical services, such as health care and financial services, with safe web applications. Often, vulnerabilities are left in the source code unintentionally by programmers because they have insufficient knowledge on how to write secure code. For example, developers many times employ sanitization functions of the programming language, believing that they will defend their applications. However, some of those functions do not invalidate all attacks, leaving applications still vulnerable. This paper presents an approach and a tool capable of automatically correcting web applications from relevant classes of vulnerabilities (XSS and SQL Injection). The tool was evaluated with both benchmark test cases and real code, and the results are very encouraging. They show that the tool can insert safe and right corrections while maintaining the original behavior of the web applications in the vast majority of the cases.

CC BY-NC-ND 4.0


Paper citation in several formats:
Morgado, R.; Medeiros, I. and Neves, N. (2020). Towards Web Application Security by Automated Code Correction. In Proceedings of the 15th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE; ISBN 978-989-758-421-3; ISSN 2184-4895, SciTePress, pages 86-96. DOI: 10.5220/0009369900860096

@conference{enase20,
author={Ricardo Morgado and Ibéria Medeiros and Nuno Neves},
title={Towards Web Application Security by Automated Code Correction},
booktitle={Proceedings of the 15th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE},
year={2020},
pages={86-96},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009369900860096},
isbn={978-989-758-421-3},
issn={2184-4895},
}

TY - CONF

JO - Proceedings of the 15th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE
TI - Towards Web Application Security by Automated Code Correction
SN - 978-989-758-421-3
IS - 2184-4895
AU - Morgado, R.
AU - Medeiros, I.
AU - Neves, N.
PY - 2020
SP - 86
EP - 96
DO - 10.5220/0009369900860096
PB - SciTePress