Eliminating human specification in static analysis

Abstract

We present a fully automatic static analysis approach for detecting code injection vulnerabilities in web applications built on the JSP/servlet framework. Our approach combines the origin and destination information of data passing through information flows with developers' beliefs about vulnerable information flows, extracted via statistical analysis and pattern recognition techniques, to infer specifications for flaws without any human participation. According to our experiments, the algorithm is able to cover the most comprehensive range of attack vectors and greatly lessens manual labor. © 2010 Springer-Verlag.

Cite

Kong, Y., Zhang, Y., & Liu, Q. (2010). Eliminating human specification in static analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6307 LNCS, pp. 494–495). Springer Verlag. https://doi.org/10.1007/978-3-642-15512-3_30
