MERLIN: Multi-Language Web Vulnerability Detection

Autor:	Miguel Correia, Alexandra Figueiredo, Tatjana Lide, David R. Matos
Rok vydání:	2020
Předmět:	Source code Java Computer science business.industry media_common.quotation_subject Vulnerability Static program analysis Vulnerability detection Static analysis Internet security Code (cryptography) Web application business Software engineering computer computer.programming_language media_common
Zdroj:	NCA
DOI:	10.1109/nca51143.2020.9306735
Popis:	Although there is continuous research to improve web security, web applications are constantly being attacked due to vulnerable source code. A common way used to find vulnerabilities in code is with source code static analysis tools. However, these tools have two problems: they must be coded manually to deal with all types of vulnerabilities and they only work with a specific programming language. This paper presents an approach that aims to improve security of web applications by identifying vulnerabilities in code written in different languages. Moreover, we do not hard-code the rules of detection, but instead use machine learning to configure them. The approach was implemented in a tool called MERLIN. This tool was tested with samples from the SRD database and real-world web applications written in Java and PHP.
Databáze:	OpenAIRE
Externí odkaz:	https://explore.openaire.eu/search/publication?articleId=doi_________::85335e002fa542fe1cfd83ccca287fea https://doi.org/10.1109/nca51143.2020.9306735 Zobrazit plný text záznamu