Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities: Difference between revisions
Programsam (talk | contribs) |
Programsam (talk | contribs) |
| Line 70: | Line 70: | ||
To improve the accuracy of tracing vulnerabilities to source code, we chose projects that use the Trac issue-management system. The Trac Users page <sup>12</sup> lists the development teams who choose to report that they use the Trac issue-management system to track their defects. We selected the two projects for the case study (hereafter, our "subjects") by inspecting each of the projects on the Trac Users page for projects that had the following attributes. | To improve the accuracy of tracing vulnerabilities to source code, we chose projects that use the Trac issue-management system. The Trac Users page <sup>12</sup> lists the development teams who choose to report that they use the Trac issue-management system to track their defects. We selected the two projects for the case study (hereafter, our "subjects") by inspecting each of the projects on the Trac Users page for projects that had the following attributes. | ||
* '''Implemented in PHP''' - We chose subjects that were written in PHP. Recent usage statistics indicate that 30% of web applications are implemented using PHP, which is more than any other framework<sup>13</sup>. We were also interested in controlling language-dependent factors of our analysis since we are not interested in comparing programming languages in terms of their security. | |||
== 5. Results == | == 5. Results == | ||
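Review bot: In the "Implemented in PHP" bullet, the 30% figure is described as "more than any other framework", but PHP is a programming language, and the following sentence itself speaks of controlling "language-dependent factors" and of not comparing programming languages. Suggest using whichever term the cited statistics<sup>13</sup> use (for example "more than any other language") so the selection criterion is consistent. Also, the lead-in paragraph promises "the following attributes" (plural), while the lines shown here carry a single bullet directly before "== 5. Results =="; worth confirming that the remaining selection attributes are present in the revision and that the bullet list belongs to the case-study section rather than being attached to the Results heading.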