Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities: Difference between revisions
Programsam (talk | contribs)
Line 14:
''The goal of this research is to improve the prioritization of security fortification efforts by investigating the ability of SQL hotspots to be used as the basis for a heuristic for the prediction of all vulnerability types''. We have already defined how hotspots are identified<sup>[14]</sup> and demonstrated<sup>[15]</sup> that testers can target hotspots at the system level to expose error message information leakage vulnerabilities<sup>5</sup>. In this paper, we evaluate how well SQL hotspots, combined with the number of lines of code, perform in prediction models that point testers to the source files most likely to contain any type of web application vulnerability. We include lines of code in the model to normalize the number of SQL hotspots per file, so that files of different sizes can be compared fairly.
We built and analyzed a prediction model based on the security vulnerability reports of two open source PHP web applications: nine releases of WordPress<sup>6</sup>, a blogging application, and six releases of WikkaWiki<sup>7</sup>, a wiki management engine. We compared our model's ability to predict vulnerable files against a random guess whose expected accuracy was calculated from the distribution of vulnerabilities within each system. The contributions of this paper are as follows:
* Empirical evidence that SQL hotspots, used together with lines of code, can serve as the basis for a heuristic for prioritizing security V&V efforts, because they are predictive of all types of web application vulnerabilities.
* A resulting design strategy that recommends separating the database concern of an application into a single file, which yields a lower proportion of input validation vulnerabilities.
The rest of this paper is organized as follows. Section 2 presents background information related to vulnerability identification. Section 3 reviews related work. Section 4 presents our methodology for gathering and analyzing the vulnerability data. Section 5 presents the results of the study, and Section 6 presents its limitations. Finally, Section 7 concludes.
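The following is an added example, not code from the paper or from the WordPress or WikkaWiki projects, showing the shape of the heuristic the introduction describes: count SQL hotspots per file, normalize by lines of code, rank files for V&V attention, and compare the top-ranked files against a random-guess baseline. The paper's own hotspot definition lives in its reference [14] and is not reproduced on this page, so the definition used here (a code line that executes a query or embeds a SQL statement) is an assumption, as are the sample PHP files, their names, and the constructed ground truth of which file had a reported vulnerability.

```python
import re
from dataclasses import dataclass

# Constructed sample PHP sources (not taken from WordPress or WikkaWiki);
# the file names are hypothetical.
SAMPLE_FILES = {
    "db.php": """<?php
// central database wrapper
function run_query($sql) {
    $res = mysql_query($sql);
    return $res;
}
function get_user($id) {
    return run_query("SELECT * FROM users WHERE id = " . intval($id));
}
""",
    "post.php": """<?php
require 'db.php';
$title = $_GET['title'];
$rows = mysql_query("SELECT id FROM posts WHERE title = '$title'");
$count = mysql_query("SELECT COUNT(*) FROM posts");
echo "found";
""",
    "util.php": """<?php
// string helpers, no database access
function slugify($s) {
    return strtolower(preg_replace('/[^a-z0-9]+/i', '-', $s));
}
function truncate($s, $n) {
    return substr($s, 0, $n);
}
""",
}

# Assumed hotspot definition (the paper's definition is in its reference [14],
# not reproduced here): a code line that calls a query-executing function or
# embeds a SQL statement keyword.
SQL_EXEC_CALL = re.compile(
    r"\b(?:mysql_query|mysqli_query|pg_query)\s*\(|->(?:query|get_results|get_row|get_var)\s*\("
)
SQL_STATEMENT = re.compile(r"\b(?:SELECT|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)


@dataclass
class FileMetrics:
    name: str
    hotspots: int
    loc: int

    @property
    def density(self) -> float:
        # Hotspots per line of code: the LOC normalization the paper uses so
        # that large and small files can be compared on the same footing.
        return self.hotspots / self.loc if self.loc else 0.0


def is_code_line(line: str) -> bool:
    """Count only non-blank, non-comment lines; PHP open/close tags are ignored."""
    s = line.strip()
    if not s or s in ("<?php", "?>"):
        return False
    return not (s.startswith("//") or s.startswith("#") or s.startswith("/*") or s.startswith("*"))


def measure(name: str, source: str) -> FileMetrics:
    code = [line for line in source.splitlines() if is_code_line(line)]
    hot = sum(1 for line in code if SQL_EXEC_CALL.search(line) or SQL_STATEMENT.search(line))
    return FileMetrics(name, hot, len(code))


def rank_files(files: dict) -> list:
    """Order files for V&V attention: highest hotspot density first,
    ties broken by raw hotspot count, then by name for determinism."""
    metrics = [measure(n, src) for n, src in files.items()]
    return sorted(metrics, key=lambda m: (-m.density, -m.hotspots, m.name))


def evaluate(ranking: list, vulnerable: set, k: int) -> dict:
    """Precision/recall of the top-k files versus the expected precision of
    picking k files at random from the same population."""
    predicted = {m.name for m in ranking[:k]}
    hits = len(predicted & vulnerable)
    return {
        "precision": hits / k,
        "recall": hits / len(vulnerable) if vulnerable else 0.0,
        "random_precision": len(vulnerable) / len(ranking),
    }


if __name__ == "__main__":
    ranking = rank_files(SAMPLE_FILES)
    for m in ranking:
        print(f"{m.name:10s} hotspots={m.hotspots} loc={m.loc} density={m.density:.2f}")
    # Constructed ground truth for the demo: only post.php had a reported vulnerability.
    print(evaluate(ranking, {"post.php"}, k=1))
```

On the constructed input the ranking puts post.php first (two hotspots in five lines of code), db.php second (two hotspots in seven lines), and util.php last (no database access at all), so reviewing the single top-ranked file reaches the one vulnerable file, against an expected precision of one in three for a random pick. The second contribution listed above is visible in the same numbers: a file like db.php that concentrates the database concern scores high on hotspots but gives reviewers one place to check rather than queries scattered across the code base.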
== 9. References ==