Analysis of Web Application Code Vulnerabilities using Secure Coding Standards
详细信息 查看全文
- 作者:Divya Rishi Sahu ; Deepak Singh Tomar
- 关键词:Web application security ; Defensive programming principle ; Web graph ; XML ; Code snippet ; Vulnerability
- 刊名:Arabian Journal for Science and Engineering
- 出版年:2017
- 出版时间:February 2017
- 年:2017
- 卷:42
- 期:2
- 页码:885-895
- 全文大小:
- 刊物类别:Engineering
- 刊物主题:Engineering, general; Science, Humanities and Social Sciences, multidisciplinary;
- 出版者:Springer Berlin Heidelberg
- ISSN:2191-4281
- 卷排序:42
文摘
The evolution of modern web application involves a broad range of web technologies such as ActiveX, JavaScript and CGI. It mitigates the demand of bolt-on security services, but remains suffered from code vulnerabilities. Two common issues of web application code vulnerability are the wrong style of writing code and improper server configuration. Enhancing the web application’s functionalities and ease of use are the primary concern of developers. Security is their second concern, resulting in code vulnerabilities. The application developers may effectively deal with code vulnerabilities through adhering to Secure Coding Standards. But manually applying all the Secure Coding Standard is susceptible to human errors. Hence, a graph-based interactive system is developed in the context of Secure Coding Standards to handle code vulnerabilities. Evaluation of the developed system is carried out by using standard available datasets such as CVE, NVD, Syhunt Vulnerable PHP Code and OWASP.