Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities: Difference between revisions

# ''WordPress'' - advanced blog management software that requires the MySQL database management system v4.1.2 or greater. Recent usage statistics indicate that 74% of websites running blogging software use WordPress<sup>16</sup>. WordPress contains 138,967 source lines of code as determined by CLOC<sup>17</sup>. We examined issue reports on WordPress ranging from December 2004 through August 2009 and spanning nine public releases, from Version 1.5 to Version 2.8. In WordPress, security issues are flagged using a user-specified indicator on Trac. We found that 88 out of the 6,647 (or 1.3%) total reported issues in WordPress were security-related. This low density of security-related reports is not uncommon<sup>17</sup>.
# ''WikkaWiki'' - a wiki management system that requires the MySQL database management system v3.23 or greater. WikkaWiki's website lists 532 registered websites that have installed and are actively using the software<sup>18</sup>. WikkaWiki contains 46,025 source lines of code. We examined issue reports in WikkaWiki from November 2005 through June 2009, spanning six public releases from Version 1.1.6.1 to Version 1.1.6.6. WikkaWiki does not use a Trac flag to indicate security issues, so we manually examined every WikkaWiki issue to determine which of them were security-related by classifying each into a CWE category. We identified 61 out of the 884 (or 6.8%) reported issues as security-related.
=== 4.2 Identifying Hotspots ===


== 5. Results ==