PROJECT TITLE:
Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining
Although a large research effort on web application security has been under way for more than a decade, the security of web applications continues to be a challenging problem. An important part of that problem derives from vulnerable source code, often written in unsafe languages like PHP. Source code static analysis tools are one way to find vulnerabilities, but they tend to generate false positives and require considerable effort from programmers to manually fix the code. We explore the use of a combination of methods to discover vulnerabilities in source code with fewer false positives. We combine taint analysis, which finds candidate vulnerabilities, with data mining, to predict the existence of false positives. This brings together two approaches that are apparently orthogonal: humans coding the knowledge about vulnerabilities (for taint analysis), joined with the seemingly orthogonal approach of automatically obtaining that knowledge (with machine learning, for data mining). Given this enhanced form of detection, we propose doing automatic code correction by inserting fixes in the source code. Our approach was implemented in the WAP tool, and an experimental evaluation was performed with a large set of PHP applications. Our tool found 388 vulnerabilities in 1.4 million lines of code. Its accuracy and precision were approximately 5% higher than PhpMinerII's and 45% higher than Pixy's.