Static and dynamic analysis for web security in industry applications

Cited by: 2
Authors
Wu, Raymond [1]
Hisada, Masayuki [1]
Affiliations
[1] NST Inc, Dept Res & Dev, Aizu Wakamatsu, Fukushima, Japan
Keywords
vulnerability; web security; static analysis; dynamic analysis; tracking; abstract syntax;
DOI
10.1504/IJESDF.2010.033782
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
To apply our analysis work in industry security applications, we are investigating semantic metadata and structural syntax analysis. This paper explains how our approaches achieve the goal in terms of static and dynamic analysis by using industry scenarios. To better explain the framework and roadmap, we describe our approaches by using macro and micro views individually. Macro view oversees syntax structure and identification, while micro view envisions metadata messaging and parser automaton. The coherence of macro and micro views forms web security framework in tracking and validation. Our research applies the security service in industry fraud detection. It demonstrates metadata messaging for tracking, and HIPA code generation for validation. This bridges the gap between static and dynamic analysis. This also builds up the foundation of web security governance.
Pages: 138 - 150
Page count: 13
Related papers
50 in total
  • [1] Static and Dynamic Analysis for Web Security in Generic Format
    Wu, Raymond
    Hisada, Masayuki
    Ranaweera, Rasika
    [J]. GLOBAL SECURITY, SAFETY, AND SUSTAINABILITY, PROCEEDINGS, 2009, 45 : 233 - +
  • [2] The Architectural Review of Web Security in Static and Dynamic Analysis
    Wu, Raymond
    Hisada, Masayuki
    [J]. INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2009, 9 (08): : 277 - 286
  • [3] Combinatorial Method with Static Analysis for Source Code Security in Web Applications
    Higuera, Juan Ramon Bermejo
    Higuera, Javier Bermejo
    Montalvo, Juan Antonio Sicilia
    Riera, Tomas Sureda
    Argyros, Christopher I.
    Magrenan, A. Alberto
    [J]. CMES-COMPUTER MODELING IN ENGINEERING & SCIENCES, 2021, 129 (02): : 541 - 565
  • [4] Virtual Static Security Analyzer for Web Applications
    Brinza, Mihail
    Correia, Miguel
    Pereira, Joao
    [J]. 2021 IEEE 20TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2021), 2021, : 840 - 848
  • [5] On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications
    Mateo Tudela, Francesc
    Bermejo Higuera, Juan-Ramon
    Bermejo Higuera, Javier
    Sicilia Montalvo, Juan-Antonio
    Argyros, Michael I.
    [J]. APPLIED SCIENCES-BASEL, 2020, 10 (24): : 1 - 26
  • [6] Saner: Composing static and dynamic analysis to validate sanitization in web applications
    Balzarotti, Davide
    Cova, Marco
    Felmetsger, Vika
    Jovanovic, Nenad
    Kirda, Engin
    Kruegel, Christopher
    Vigna, Giovanni
    [J]. PROCEEDINGS OF THE 2008 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2008, : 387 - +
  • [7] Integrating static and dynamic analysis to improve the comprehension of existing Web Applications
    Di Lucca, GA
    Di Penta, M
    [J]. WSE 2005: SEVENTH IEEE INTERNATIONAL SYMPOSIUM ON WEB SITE EVOLUTION, PROCEEDINGS, 2005, : 87 - 94
  • [8] Benchmarking Static Analysis Tools for Web Security
    Nunes, Paulo
    Medeiros, Iberia
    Fonseca, Jose C.
    Neves, Nuno
    Correia, Miguel
    Vieira, Marco
    [J]. IEEE TRANSACTIONS ON RELIABILITY, 2018, 67 (03) : 1159 - 1175
  • [9] Static analysis for the π-calculus with applications to security
    Bodei, C
    Degano, P
    Nielson, F
    Nielson, HR
    [J]. INFORMATION AND COMPUTATION, 2001, 168 (01) : 68 - 92
  • [10] Analysis and Suggestions for the Security of Web Applications
    Yu, You
    Yang, Yuanyuan
    Gu, Jian
    Shen, Liang
    [J]. 2011 INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY (ICCSNT), VOLS 1-4, 2012, : 236 - 240