Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities: Difference between revisions

Although techniques such as code reviews and design discussions can help developers reduce the number of vulnerabilities they introduce into the source code, the software development community currently has no single solution that will eliminate all security issues<sup>[7]</sup>. Furthermore, development organizations often do not have the time or resources to perform vulnerability detection efforts on every source file in a product before its release. Validation and verification (V&V) must therefore be prioritized so that security fortification starts with the files that are most likely to be vulnerable. SQL hotspots may help development organizations prioritize security fortification efforts. SQL hotspots (or just "hotspots" in this paper) are any point in the application source code where the system interacts with a database management system<sup>[3, 6]</sup>. Hotspots are typically associated with input validation vulnerabilities like SQL injection<sup>4</sup>, but they might also be useful for predicting any web application vulnerability, since they protect the typical web application's most valuable asset: the database<sup>[3, 6]</sup>.


''The goal of this research is to improve the prioritization of security fortification efforts by investigating whether SQL hotspots can serve as the basis for a heuristic that predicts all vulnerability types''. We have already defined how hotspots are identified<sup>[14]</sup>, and demonstrated<sup>[15]</sup> that testers can target hotspots at the system level to expose error message information leakage vulnerabilities<sup>5</sup>. In this paper, we evaluate whether the number of hotspots in a file, combined with its number of lines of code, can be used in prediction models that point testers to the files in the source code that are likely to contain any type of web application vulnerability. We include lines of code in our model to normalize the number of SQL hotspots per file, so that the comparison between files remains meaningful as file sizes vary.
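To make the heuristic concrete, the following added example (not the paper's own tooling; hotspot identification is defined in [14], which is not reproduced here) counts database-interaction points in PHP source files, normalizes them by lines of code, and ranks files for fortification. The set of call patterns treated as hotspots and the sample files are assumptions constructed for the example.

```python
import re

# Assumed hotspot patterns: calls that hand a query to the database layer.
# This pattern set is an assumption for the example, not the paper's definition.
HOTSPOT_PATTERNS = [
    r"\bmysql_query\s*\(",
    r"\bmysqli_query\s*\(",
    r"->query\s*\(",
    r"->prepare\s*\(",
    r"->get_results\s*\(",   # $wpdb-style API (assumed)
]
HOTSPOT_RE = re.compile("|".join(HOTSPOT_PATTERNS))

def count_loc(src: str) -> int:
    """Count non-blank, non-comment lines (simple line-based comment handling)."""
    loc = 0
    for line in src.splitlines():
        s = line.strip()
        if s and not s.startswith(("//", "#", "*", "/*")):
            loc += 1
    return loc

def count_hotspots(src: str) -> int:
    """Number of database-interaction points found in the file."""
    return len(HOTSPOT_RE.findall(src))

def rank_files(files: dict) -> list:
    """Return (path, hotspots, loc, hotspots_per_loc), most hotspot-dense first.

    Ties on density are broken by the raw hotspot count, so a file with more
    database interactions is inspected before a smaller one of equal density.
    """
    rows = []
    for path, src in files.items():
        h, loc = count_hotspots(src), count_loc(src)
        rows.append((path, h, loc, h / loc if loc else 0.0))
    return sorted(rows, key=lambda r: (r[3], r[1]), reverse=True)

# Constructed sample files (not taken from WordPress or WikkaWiki).
SAMPLE_FILES = {
    "post.php": "<?php\n$r = mysql_query(\"SELECT * FROM posts\");\n// render\n$x = 1;\n",
    "user.php": "<?php\n$s = $db->prepare(\"SELECT * FROM users WHERE id = ?\");\n"
                "$res = $db->query($q);\n$u = 2;\n$v = 3;\n",
    "view.php": "<?php\necho 'hi';\n$a = 1;\n$b = 2;\n",
}

if __name__ == "__main__":
    for path, h, loc, d in rank_files(SAMPLE_FILES):
        print(f"{path}: {h} hotspots / {loc} LOC = {d:.2f}")
```

Files at the top of the ranking are the candidates for the first round of V&V; files with no database interaction fall to the bottom.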


We built and analyzed a prediction model based on the security vulnerability reports of two open source PHP web applications: nine releases of WordPress<sup>6</sup>, a blogging application, and six releases of WikkaWiki<sup>7</sup>, a wiki management engine. We compared our model's ability to predict vulnerable files against a random guess calculated from the distribution of vulnerabilities within each system.


== 9. References ==