Using Unit Testing to Detect Sanitization Flaws

Input sanitization mechanisms are widely used to mitigate vulnerabilities to injection attacks such as cross-site scripting. Static analysis tools and techniques commonly used to ensure that applications utilize sanitization functions. Dynamic analysis must be to evaluate the correctness of sanitiza...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2018-04
Main Authors: Mohammadi, Mahmoud, Chu, Bill, Heather Richter Lipford
Format: Article
Language:English
Subjects:
Empirical analysis
Flaw detection
Software reviews
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Input sanitization mechanisms are widely used to mitigate vulnerabilities to injection attacks such as cross-site scripting. Static analysis tools and techniques commonly used to ensure that applications utilize sanitization functions. Dynamic analysis must be to evaluate the correctness of sanitization functions. The proposed approach is based on unit testing to bring the advantages of both static and dynamic techniques to the development time. Our approach introduces a technique to automatically extract the sanitization functions and then evaluate their effectiveness against attacks using automatically generated attack vectors. The empirical results show that the proposed technique can detect security flaws cannot find by the static analysis tools.
ISSN:2331-8422
DOI:10.48550/arxiv.1804.00753