Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities: Difference between revisions



For these case studies, we analyzed the Trac issue reports for two open source web applications, WordPress<sup>8</sup> and WikkaWiki<sup>9</sup>. Trac is a web-based issue management system, similar to Bugzilla<sup>10</sup>, which integrates Subversion<sup>11</sup> repository information.  The details of our analysis are provided in Sections 4.2 through 4.5.
=== 4.1 Selecting the Study Subjects ===
To improve the accuracy of tracing vulnerabilities to source code, we chose projects that use the Trac issue-management system. The Trac Users page<sup>12</sup> lists the development teams who choose to report that they use the Trac issue-management system to track their defects. We selected the two projects for the case study (hereafter, our "subjects") by inspecting each of the projects on the Trac Users page for projects that had the following attributes.


== 5. Results ==