| Field | Value |
|---|---|
| Publisher | Stanford University |
| Format | 230.4KB PDF |
| Date added | 17 May 2005 |
| Topics | Java, Programming Languages, Application Development |
| Downloads | 136 |

This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities, such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of security vulnerabilities in Web applications. The technique is based on scalable and precise points-to analysis. In the system, user-provided specifications of vulnerabilities are automatically translated into static analyzers. The approach finds all vulnerabilities matching a specification in the statically analyzed code.