TAILIEUCHUNG - Supporting secure programming in web applications through interactive static analysis

Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases. | Supporting secure programming in web applications through interactive static analysis

• Quản trị Web
• Secure programming
• Static analysis
• Interactive static analysis
• Software vulnerabilities
• Supporting secure programming
• Build Secure Extend
• Black Berry
• phone programming
• mobile programming
• learn Programming Black Berry Black Berry
• Secure Programming for Linux and Unix HOWTO
• process engineering
• basic programming
• information technology
• system design
• C#
• Computer
• Secure Programming Cookbook for C and C+
• Recipes for Cryptography
• Authentication
• Input Validation
• C++
• Systems in C
• Programming Language
• Secure Coding
• in C and C++
• Cisco® Secure Internet Security Solutions
• Red Hat Secure Web Server
• Java Network Programming
• Third Edition
• Java
• n TCP and UDP sockets
• Java Mail API
• Java Secure Sockets
• Basic network concepts
• Sockets for clients
• Sockets for servers
• Secure sockets
• Nonblocking I/O
• IP multicast
• curriculum
• web programming
• PHP language
• php architect
• Secure SOAP Transactions
• Object Oriented Programming
• Persistence Layers
• Hardcoding SQL
• Data Classes
• Concluding Remarks
• PHP programmers
• Exploring Information
• Microsoft
• Programming Guide
• complete inet
• Beginning PHP and MySQL
• Ebook Beginning PHP and MySQL
• Web services
• Secure PHP programming
• Configuring MySQL
• Securing MySQL