Static and dynamic analysis for web security in industry applications

Cited by: 2
Authors
Wu, Raymond [1]
Hisada, Masayuki [1]
Affiliations
[1] NST Inc, Dept Res & Dev, Aizu Wakamatsu, Fukushima, Japan
Keywords
vulnerability; web security; static analysis; dynamic analysis; tracking; abstract syntax
DOI
10.1504/IJESDF.2010.033782
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
To apply our analysis work in industry security applications, we are investigating semantic metadata and structural syntax analysis. This paper explains how our approaches achieve the goal in terms of static and dynamic analysis by using industry scenarios. To better explain the framework and roadmap, we describe our approaches by using macro and micro views individually. The macro view oversees syntax structure and identification, while the micro view envisions metadata messaging and parser automaton. The coherence of the macro and micro views forms a web security framework for tracking and validation. Our research applies the security service in industry fraud detection. It demonstrates metadata messaging for tracking, and HIPA code generation for validation. This bridges the gap between static and dynamic analysis. This also builds up the foundation of web security governance.
Pages: 138 - 150
Number of pages: 13
Related papers
50 items in total
  • [31] Static DOM Event Dependency Analysis for Testing Web Applications
    Sung, Chungha
    Kusano, Markus
    Sinha, Nishant
    Wang, Chao
    [J]. FSE'16: PROCEEDINGS OF THE 2016 24TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON FOUNDATIONS OF SOFTWARE ENGINEERING, 2016, : 447 - 459
  • [32] Enhancing the security of web applications
    Striletchi, C
    Vaida, MF
    [J]. ITI 2003: PROCEEDINGS OF THE 25TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY INTERFACES, 2003, : 463 - 468
  • [33] SOA Web Security and Applications
    Wu, Raymond
    Hisada, Masayuki
    [J]. JOURNAL OF OBJECT TECHNOLOGY, 2010, 9 (02): : 163 - 171
  • [34] Analysis of Key Critical Requirements for Enhancing Security of Web Applications
    Kumar, R.
    [J]. 2015 INTERNATIONAL CONFERENCE ON COMPUTERS, COMMUNICATIONS, AND SYSTEMS (ICCCS), 2015, : 241 - 245
  • [35] Static Security Evaluation of an Industrial Web Application
    Welearegai, Gebrehiwet B.
    Schlueter, Max
    Hammer, Christian
    [J]. SAC '19: PROCEEDINGS OF THE 34TH ACM/SIGAPP SYMPOSIUM ON APPLIED COMPUTING, 2019, : 1952 - 1961
  • [36] Symbolic Security Analysis of Ruby-on-Rails Web Applications
    Chaudhuri, Avik
    Foster, Jeffrey S.
    [J]. PROCEEDINGS OF THE 17TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'10), 2010, : 585 - 594
  • [37] Static analysis for security
    Chess, B
    McGraw, G
    [J]. IEEE SECURITY & PRIVACY, 2004, 2 (06) : 76 - 79
  • [38] Dynamic Analysis and Debugging of Binary Code for Security Applications
    Li, Lixin
    Wang, Chao
    [J]. RUNTIME VERIFICATION, RV 2013, 2013, 8174 : 403 - 423
  • [39] Dynamic vs. Static Flow-Sensitive Security Analysis
    Russo, Alejandro
    Sabelfeld, Andrei
    [J]. 2010 23RD IEEE COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF), 2010, : 186 - 199
  • [40] A Synergy between Static and Dynamic Analysis for the Detection of Software Security Vulnerabilities
    Hanna, Aiman
    Ling, Hai Zhou
    Yang, XiaoChun
    Debbabi, Mourad
    [J]. ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS: OTM 2009, PT 2, 2009, 5871 : 815 - 832