Visible to the public Static analysis approaches to detect SQL injection and cross site scripting vulnerabilities in web applications: A survey

TitleStatic analysis approaches to detect SQL injection and cross site scripting vulnerabilities in web applications: A survey
Publication TypeConference Paper
Year of Publication2014
AuthorsGupta, M.K., Govil, M.C., Singh, G.
Conference NameRecent Advances and Innovations in Engineering (ICRAIE), 2014
Date PublishedMay
KeywordsAnalytical models, attack prevention, Cross Site Scripting, cross site scripting vulnerabilities, defensive programming, financial transaction, Guidelines, health problem, Internet, legacy Web applications, malicious users, Manuals, program diagnostics, Programming, programming mistakes, security of data, security vulnerabilities, security weaknesses, Servers, social communications, Software, software development life cycle, software maintenance, software reliability, source code, source code (software), SQL, SQL Injection, SQLI, static analysi, static analysis, Testing, vulnerabilitie, vulnerability detection, web applicatio, Web applications, XSS

Dependence on web applications is increasing very rapidly in recent time for social communications, health problem, financial transaction and many other purposes. Unfortunately, presence of security weaknesses in web applications allows malicious user's to exploit various security vulnerabilities and become the reason of their failure. Currently, SQL Injection (SQLI) and Cross-Site Scripting (XSS) vulnerabilities are most dangerous security vulnerabilities exploited in various popular web applications i.e. eBay, Google, Facebook, Twitter etc. Research on defensive programming, vulnerability detection and attack prevention techniques has been quite intensive in the past decade. Defensive programming is a set of coding guidelines to develop secure applications. But, mostly developers do not follow security guidelines and repeat same type of programming mistakes in their code. Attack prevention techniques protect the applications from attack during their execution in actual environment. The difficulties associated with accurate detection of SQLI and XSS vulnerabilities in coding phase of software development life cycle. This paper proposes a classification of software security approaches used to develop secure software in various phase of software development life cycle. It also presents a survey of static analysis based approaches to detect SQL Injection and cross-site scripting vulnerabilities in source code of web applications. The aim of these approaches is to identify the weaknesses in source code before their exploitation in actual environment. This paper would help researchers to note down future direction for securing legacy web applications in early phases of software development life cycle.

Citation Key6909173