Research On API Vulnerability Classification And Dynamic Detection Method Based On 3D Tree

With the wide application of API,API vulnerability has become one of the important issues of Web application security.Traditional API vulnerability detection methods mainly use static detection or dynamic detection methods,which have certain limitations and cannot completely cover API vulnerabilities.When classifying vulnerability results,the traditional vulnerability classification methods cause redundancy of duplicate information and missing detection information.In this thesis,I propose an API vulnerability detection idea that fuses the detection results of open source vulnerability tools with a 3D tree-based vulnerability classification model to classify the detection results in order to improve the efficiency and accuracy of API vulnerability detection.The thesis mainly accomplishes the following work:(1)The more popular vulnerability classification methods and dynamic combination vulnerability detection methods are studied,and the existing vulnerability classification methods and open source dynamic combination detection tool detection rules are summarized as possible improvement research points,and an improvement idea is proposed.(2)In the vulnerability classification method,this thesis proposes a vulnerability classification method based on the traditional single-dimensional vulnerability classification method combined with the idea of three-dimensional tree applied to API vulnerabilities,and the vulnerability types derived from the new vulnerability classification method are verified to be compatible with traditional vulnerability classification libraries such as CWE and Fortify,and the examples prove that the classification method proposed in this thesis is compatible with some of the API vulnerabilities in traditional vulnerability libraries vulnerabilities and the classification results are more accurate and detailed.(3)In terms of vulnerability detection rules,this thesis proposes three vulnerability detection rules based on the open source DAST vulnerability detection tool,OWASP ZAP,for static code detection of divide-by-zero vulnerability,pointer subtraction vulnerability and pointer sizeof()vulnerability,to detect vulnerability types that are not easily detected by the OWASP ZAP tool,and the experiment proves that the new rules are comparable to other vulnerability detection rules that come with OWASP ZAP.The new rules have been shown to have comparable detection capabilities compared to other vulnerability detection rules that come with OWASP ZAP.The method proposed in this thesis can detect and classify vulnerabilities in APIs with an accuracy rate that meets general rule design standards.Based on its detection results,the scope of vulnerability detection and the efficiency of vulnerability remediation can be improved.Therefore,the API vulnerability detection method proposed in this thesis is effective for API vulnerability detection development.