
Research And Implementation Of Security Vulnerability Detection In Application System Based On JAVA WEB Static Source Code Analysis

Posted on: 2018-05-24
Degree: Master
Type: Thesis
Country: China
Candidate: J Kong
Full Text: PDF
GTID: 2348330518495964
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of Internet technology, more and more Web applications are being built, and Web application security issues have become increasingly prominent. How to address software vulnerabilities is therefore a very important current research topic. Most Web application security problems are caused by defects in the software itself. Methods for detecting software vulnerabilities are divided into dynamic analysis and static analysis. Compared with dynamic analysis methods, which demand high human and material resources, static analysis methods have the advantages of fast analysis speed, low cost, and ease of implementation. This paper studies static analysis methods for addressing security vulnerabilities in Java Web projects.

The research in this paper is based on the Java Web project developed by the lab and aims to solve its possible security vulnerabilities. By consulting a large amount of literature and information, we learned the relevant theoretical knowledge of static analysis, researched and analyzed common Web application vulnerabilities, and studied the basic characteristics of these vulnerabilities in order to understand their principles and solutions. This paper mainly adopts defect pattern matching based on the character flow, the syntax tree, the intermediate code analysis method, and the data flow analysis method. Since each analysis method has its own inclination in the objects it analyzes and in how it analyzes them, each has its own false positive set, so we use a mixed analysis method to design the detection scheme, and then use Java Web technology to develop and implement the static analysis vulnerability detection system. Experiments that test and analyze the program show that the scheme can not only detect security vulnerabilities in Web applications but also effectively reduce the false negative rate.
Keywords/Search Tags:Static Source Code, Vulnerability Detection, Pattern Matching, Data Flow Analysis, False Negative Rate