Towards Security Testing with Taint Analysis and Genetic Algorithms
Avancini, Andrea; Ceccato, Mariano
2010-01-01
Abstract
Cross-site scripting is considered the major threat to the security of web applications. Removing vulnerabilities from existing web applications is a manual, expensive task that would benefit from some level of automatic assistance. Static analysis represents a valuable support for security review, by suggesting candidate vulnerable points to be checked manually. However, potential benefits are quite limited when too many false positives, safe portions of code classified as vulnerable, are reported. In this paper, we present a preliminary investigation on the integration of static analysis with genetic algorithms. We show that this approach can suggest candidate false positives reported by static analysis and provide input vectors that expose actual vulnerabilities, to be used as test cases in security testing.