Research On Static Detection Technology Of Web Application Defect Based On The Platform Of J2EE

With the development of Internet, people’s actions are more and more inseparable from the Internet. The Internet likes a double-edged sword due to it brings people convenience while also produces great potential security problems; Internet users’ privacy, property and computer security suffer serious threat. Therefore how to guarantee the security of Internet users has become increasingly important. In order to ensure the security of Internet users, we must detect the Internet application’s vulnerabilities before it releases to avoid code defects provide opportunity for attackers.All kinds of existing code defect detection technologies have its disadvantage respectively; it can be improved on the aspects of detect efficiency and accuracy. Manual analysis’low detect efficiency, dynamic analysis’high false negative rate, static analysis’high false positive rate, they all have their limitations.Static analysis method is the technology that can automatically detect program’s defect without executing it. Static analysis method firstly converts the source code into abstract intermediate language, and then analyzes the abstract intermediate language to find the subsistent defect. In this paper, on the basis of deeply studying code static analysis technology, we adopts a static defect detection method upon database query language to detect the defects in Java EE web application. In order to make the detect result more accurate, this paper also deeply studies the alias analysis based on tainted data and context-sensitive alias analysis technology based on cloning in the process of code abstract analysis. In addition, according to the characteristics of the Java EE web application defects, this paper presents a reverse defect detection method which regards the insecurity data as entrance, reversely analyzes form the insecurity data which may cause vulnerability. A series of experiments and data prove the static analysis technology and reverse detect analysis model based on insecurity data proposed here can gain more efficiency and accuracy.Aiming at the static defect detection of Java EE web application, this paper innovatively puts forward a reverse defect analysis model which takes insecurity data may cause vulnerability as a breakthrough point, which has great significance in terms of protecting companies’and Internet users’ property and privacy security.