Research on Vulnerability Detection for Software Based on Taint Analysis
At present,Cross Site Scripting (XSS) vulnerability exists in most web sites.The main reason is the lack of effective validation and filtering mechanisms for user input data from web request.This paper explores vulnerability detection method which based on taint dependence analysis and implements a prototype system for Java Web program.We treat all user input as tainted data,and track the flow of Web applications,then we judge whether it will trigger an attack or not.The taint dependent analysis algorithm mentioned in this paper is used to construct the taint dependency graph.Next the value representation method of the string tainted object based on finite state automata is discussed.Finally,we propose the vulnerability detection method for the program.The experiment result shows that the prototype system can detect reflection cross-site scripting vulnerability well in those programs which dont have effective treatment for the user input data.
XSS vulnerability taint dependency graph web security
Beihai Liang Binbin Qu Sheng Jiang Chutian Ye
School.of Compute Science, Huazhong University of Science & Technology, Wuhan, 430074,China ; Shenzhen Key Laboratory of High Performance Data Mining, Shenzhen, 518055, China
国际会议
太原
英文
434-437
2013-04-06(万方平台首次上网日期,不代表论文的发表时间)