Visible to the public Locating SQL Injection Vulnerabilities in Java Byte Code Using Natural Language Techniques

TitleLocating SQL Injection Vulnerabilities in Java Byte Code Using Natural Language Techniques
Publication TypeConference Paper
Year of Publication2018
AuthorsJackson, K. A., Bennett, B. T.
Conference NameSoutheastCon 2018
ISBN Number978-1-5386-6133-8
Keywordscode analysis, code analysis tools, Collaboration, Decision trees, Human Behavior, human factors, Java, Java byte code, Java program, Metrics, natural language processing, natural language techniques, policy-based governance, program diagnostics, pubcrawl, python, resilience, Resiliency, Safe Coding, Secure Coding, security, security of data, singular decision trees, Software, software vulnerabilities, source code (software), SQL, SQL Injection, SQL injection vulnerabilities, Standards, text mining, Tools

With so much our daily lives relying on digital devices like personal computers and cell phones, there is a growing demand for code that not only functions properly, but is secure and keeps user data safe. However, ensuring this is not such an easy task, and many developers do not have the required skills or resources to ensure their code is secure. Many code analysis tools have been written to find vulnerabilities in newly developed code, but this technology tends to produce many false positives, and is still not able to identify all of the problems. Other methods of finding software vulnerabilities automatically are required. This proof-of-concept study applied natural language processing on Java byte code to locate SQL injection vulnerabilities in a Java program. Preliminary findings show that, due to the high number of terms in the dataset, using singular decision trees will not produce a suitable model for locating SQL injection vulnerabilities, while random forest structures proved more promising. Still, further work is needed to determine the best classification tool.

Citation Keyjackson_locating_2018