Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities: Difference between revisions
Programsam (talk | contribs)
| Line 87: | Line 87: | ||
We refer to our list of files and attributes and information about these files as the <code>files</code> dataset. We refer to our local copy of the Trac reports for each project, with attributes and information about these Tracs as the <code>tracs</code> dataset. | We refer to our list of files and attributes and information about these files as the <code>files</code> dataset. We refer to our local copy of the Trac reports for each project, with attributes and information about these Tracs as the <code>tracs</code> dataset. | ||
Both our study subjects accessed the database management system through the PHP-provided function <code>mysql_query()<code>. In WordPress, hotspots are wrapped in a class called <code>$wpdb</code>. Conversely, in WikkaWiki hotspots occur using a call to the <code>Query</code> function in the <code>Wakka</code> class. | Both our study subjects accessed the database management system through the PHP-provided function <code>mysql_query()</code>. In WordPress, hotspots are wrapped in a class called <code>$wpdb</code>. Conversely, in WikkaWiki hotspots occur using a call to the <code>Query</code> function in the <code>Wakka</code> class. | ||
Since manually identifying hotspots can be very time consuming, we wrote a script that parses the file structure and searches for all instances of the project-specific string that indicates the existence of a hotspot. Specifically, we manually inspected the code until we could create an appropriate regular expression. We created a matcher to use with this regular expression that would catch all the different source code forms for a hotspot in each project. We checked the internal correctness of this script on ten files (five from each project) by manually counting the hotspots present in these files and comparing the result to the number calculated by our script. | Since manually identifying hotspots can be very time consuming, we wrote a script that parses the file structure and searches for all instances of the project-specific string that indicates the existence of a hotspot. Specifically, we manually inspected the code until we could create an appropriate regular expression. We created a matcher to use with this regular expression that would catch all the different source code forms for a hotspot in each project. We checked the internal correctness of this script on ten files (five from each project) by manually counting the hotspots present in these files and comparing the result to the number calculated by our script. | ||
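Review bot: in the second row of this hunk, `$wpdb` is described as "a class", but the `$` sigil marks a PHP variable, so the text names an object rather than a class; the row should say the hotspots are wrapped in calls on the `$wpdb` object, and give the class name separately if the class itself is meant. The one actual change in the hunk, `<code>mysql_query()<code>` to `<code>mysql_query()</code>`, is correct: the unclosed `<code>` tag in the old revision would have run on to the end of the paragraph. A smaller style point on the same row: "accessed" is past tense while the following sentences ("are wrapped", "occur") are present tense; pick one for the paragraph.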