Abstract
We present a new approach to protect Java EE web applications against injection attacks, which can handle large commercial systems. We first describe a novel approach to taint analysis for Java EE, which can be characterized by "strings only", "taint ranges", and "no bytecode instrumentation". We then explain how to combine this method with static analysis, based on the JOANA IFC framework. The resulting hybrid analysis will boost scalability and precision, while guaranteeing protection against XSS. The approach has been implemented in the Juturna tool; application examples and measurements are discussed.
Loch, F. D., Johns, M., Hecker, M., Mohr, M., & Snelting, G. (2020). Hybrid taint analysis for Java EE. In Proceedings of the ACM Symposium on Applied Computing (pp. 1716–1725). Association for Computing Machinery. https://doi.org/10.1145/3341105.3373887