Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
6-2012
Abstract
Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our proposed attributes are important indicators of such vulnerabilities.
Keywords
defect prediction, data mining, static code attributes, web security vulnerabilities, input sanitization
Discipline
Information Security | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
2012 34th International Conference on Software Engineering (ICSE): Zurich, June 2-9: Proceedings
First Page
1293
Last Page
1296
ISBN
9781467310673
Identifier
10.1109/ICSE.2012.6227096
Publisher
IEEE
City or Country
Piscataway, NJ
Citation
SHAR, Lwin Khin and TAN, Hee Beng Kuan.
Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities. (2012). 2012 34th International Conference on Software Engineering (ICSE): Zurich, June 2-9: Proceedings. 1293-1296.
Available at: https://ink.library.smu.edu.sg/sis_research/4679
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/ICSE.2012.6227096