| With the development of computer networks, Web applications provide people with awide range of services. However, the vulnerability exists in the software gave rise tosecurity risks. As the rapid increase in the utilization of web application software, makingweb application vulnerability testing and repair work is particularly important. And themost serious of the three web applications vulnerabilities: Cross Site Scripting (XSS),Injection Flaws and Malicious File Execution are due to improper string manipulation,Programs that propagate and use malicious user inputs sanitization or with impropersanitization suffered the destruction of these common attacks.Automata-based string analysis as a method of static analysis, realizeslanguage-based automatic machine operation, compute all possible values that stringvariables can take at a given program point during program execution with determinatefinite automata structure for the foundation. According to the given standard to analyse theresult set of string analysis, identifies if string variables is with improper sanitization, thusbugs and security vulnerabilities were detected.Vulnerability detection based on string analysis constructs the Sink DependenceGraph in the use of sink analysis based on program slicing, using automata-based stringanalysis calculates all possible values that string variables can take at each program point,identifies if vulnerability exists in a program by matching with the attack pattern, if it isvulnerable, automatically generate vulnerability signature for targeted signature-basedinput filtering, Eventually, completed automatically detection vulnerability for stringmanipulating programs. The practical application of ADVS(Automatic Detection ofVulnerability System) show that the feasibility and effectiveness of Vulnerability detectionbased on string analysis. |
PDF Full Text Request