Research On Vulnerability Detection For Java Web Software Based On Taint Analysis

Web systems are usually deployed in the opened Internet environment, and user caninput data arbitrarily, which puts forward higher requirements of system securityauthentication mechanism．Therefore, it becomes an important research field of softwaretesting that whether there is an effective security authentication mechanism in the testingprocedures．The taint dependency analysis, which is based on static analysis, can analyzethe source and flows of user input data as well as the process of data change in theprogram execution sequence．And then the vulnerability that the program is lack of aneffective security mechanism to process the user input data will be found．Thus, it is worthfurther research.The vulnerability detection method based on taint analysis for Java programs isimplemented through five steps, including program language recognition, dependencyanalysis, sensitive points of vulnerability collection, the taint analysis and evaluation, andthe attack pattern match．The Java source code will be transformed into the intermediaterepresentation, through lexical and syntax analysis．And each element as well as thestructure information of the code is stored in the well.designed IR data structure．So thesource code can be quickly positioned and traversed．The data dependency and theprogram dependencies of method calls will be extracted through traversing IR based ondata flow analysis．Meanwhile, the vulnerability sensitive points will be collected bymatching the sensitive API called．The reverse taint dependency analysis for eachvulnerability sensitive point will be executed by using the data dependency graph and thedependency graph of method calls to generate the taint dependency graph．The possiblevalues set of string taint will be represented by finite state automata by using automataoperating library．Finally, the program vulnerability detection will be implemented by theintersection the vulnerability sensitive point value with the attack pattern.The experiments show that the vulnerability detection system based on taint analysisfor Java programs can find the SQL injection and cross.site scripting vulnerabilities in theWeb program, which is lack of effective security processing for user input data.