Research on Vulnerability Detection for Software Based on Taint Analysis
- DOI
- 10.2991/isccca.2013.107How to use a DOI?
- Keywords
- XSS vulnerability, taint dependency graph, web security
- Abstract
At present, Cross Site Scripting (XSS) vulnerability exists in most web sites. The main reason is the lack of effective validation and filtering mechanisms for user input data from web request. This paper explores vulnerability detection method which based on taint dependence analysis and implements a prototype system for Java Web program. We treat all user input as tainted data, and track the flow of Web applications, then we judge whether it will trigger an attack or not. The taint dependent analysis algorithm mentioned in this paper is used to construct the taint dependency graph. Next the value representation method of the string tainted object based on finite state automata is discussed. Finally, we propose the vulnerability detection method for the program. The experiment result shows that the prototype system can detect reflection cross-site scripting vulnerability well in those programs which don’t have effective treatment for the user input data.
- Copyright
- © 2013, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Beihai Liang AU - Binbin Qu AU - Sheng Jiang AU - Chutian Ye PY - 2013/02 DA - 2013/02 TI - Research on Vulnerability Detection for Software Based on Taint Analysis BT - Proceedings of the 2nd International Symposium on Computer, Communication, Control and Automation (ISCCCA 2013) PB - Atlantis Press SP - 434 EP - 437 SN - 1951-6851 UR - https://doi.org/10.2991/isccca.2013.107 DO - 10.2991/isccca.2013.107 ID - Liang2013/02 ER -