An Integrated Analyzer for Verifying Web Application Security
Date Issued
2011
Date
2011
Author(s)
Shih, Jen-Feng
Abstract
More than two billion people accessed the Internet in 2010. With the rise of social networks, more and more Internet users put their personal information on Web applications. Consequently, the importance of Web application security has greatly increased in recent years. There are many techniques and tools for detecting Web application security vulnerabilities, both in industry and in academia. Though they can identify almost all vulnerabilities, their analysis results still contain excessive false positives that need to be verified by human experts.
This problem may be attributed to several factors. One of these factors is that current analyzers cannot analyze the data flow of a Web application completely. The main difficulty is that Web applications are multi-staged programs. The first-stage programs are server-side programs which execute on the server side and dynamically generate client-side programs. These client-side programs are second-stage programs which run in the user's browser and can interact with the user. Vulnerabilities may occur either on the client side or the server side. However, the client-side programs sometimes interact with the server, for example when using AJAX. Such data flows between the client and the server are usually not detected by current analyzers. In this thesis, we aim at analyzing the data flow of Web applications more completely.
The major vulnerabilities that we focus on are Cross-Site Scripting and SQL Injection. They are the top two risks faced by businesses, according to the latest OWASP Top 10. Both result from using tainted data without validation. To solve the problem of incomplete data flow analysis, we translate all the server-side and client-side programs into a one-language representation, CIL (C Intermediate Language). We present an approach to simulating the actions of a Web application on the CIL representation. We then apply control flow analysis and data flow analysis on the representation. We show by experiments that our analyzer can cross the server and the client programs to provide more precise and complete analysis results.
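The abstract's central claim is that taint flows crossing the server/client boundary (server output becoming client-side program state, and AJAX requests carrying client-side state back into server parameters) are lost when the two stages are analyzed in isolation. The following is an added illustration of that idea and is not the thesis's analyzer, its CIL translation or any of its experimental programs: a toy single-assignment intermediate form with two cross-stage statement kinds (`emit` for server-generated client code, `ajax` for client-to-server requests) and a fixpoint taint propagation that can be run with or without those cross-stage edges. The statement names, the sample program and the "assume every request parameter is tainted" rule used in the stand-alone server mode are all constructed for this example.

```python
from collections import namedtuple

# Constructed toy IR: one statement form for both stages, loosely mirroring the
# idea of lowering server-side and client-side code into one representation.
# stage: "server" or "client"; op: one of the kinds below; dst/src: variable names
# (for "sink", dst is the sink's name; for "source", src describes the input).
Stmt = namedtuple("Stmt", "stage op dst src")

# Constructed sample application:
#   stage 1 (server) renders a page that embeds a request parameter and a constant
#   stage 2 (client) evals the embedded parameter and fetches /item?id=<constant>
#   stage 1 (server) AJAX handler uses the id in a SQL query
PROGRAM = [
    Stmt("server", "source",   "q",        "request.GET['q']"),
    Stmt("server", "sanitize", "q_esc",    "q"),       # e.g. HTML-escaped copy
    Stmt("server", "sink",     "html_out", "q_esc"),   # escaped -> no finding
    Stmt("server", "emit",     "q",        "q"),       # generates: var q = "<q>";
    Stmt("server", "const",    "page_id",  "42"),
    Stmt("server", "emit",     "page_id",  "page_id"), # generates: var page_id = 42;
    Stmt("client", "assign",   "term",     "q"),
    Stmt("client", "sink",     "eval",     "term"),    # XSS: eval(term)
    Stmt("client", "ajax",     "id",       "page_id"), # xhr GET /item?id=page_id
    Stmt("server", "assign",   "query",    "id"),
    Stmt("server", "sink",     "sql_query", "query"),  # SQLi only if id is tainted
]


def analyze(program, integrated=True):
    """Return [(stage, sink, var, sources)] for every sink reached by tainted data.

    integrated=True  follows emit/ajax edges across the server/client boundary.
    integrated=False analyzes each stage alone: server-generated client values look
    like page literals (untainted), and a stand-alone server analyzer has to treat
    every AJAX-bound parameter as attacker-controlled.
    """
    taint = {}  # (stage, var) -> frozenset of source descriptions; empty = clean

    def get(stage, name):
        return taint.get((stage, name), frozenset())

    changed = True
    while changed:  # fixpoint; union keeps propagation monotone
        changed = False
        for st in program:
            key = (st.stage, st.dst)
            if st.op == "source":
                new = frozenset([st.src])
            elif st.op in ("const", "sanitize"):
                new = frozenset()
            elif st.op == "assign":
                new = get(st.stage, st.src)
            elif st.op == "emit":               # server value -> client variable
                key = ("client", st.dst)
                new = get("server", st.src) if integrated else frozenset()
            elif st.op == "ajax":               # client value -> server parameter
                key = ("server", st.dst)
                new = (get("client", st.src) if integrated
                       else frozenset(["request param '%s' (assumed tainted)" % st.dst]))
            else:                               # "sink": no definition
                continue
            merged = taint.get(key, frozenset()) | new
            if taint.get(key) != merged:
                taint[key] = merged
                changed = True

    return [(st.stage, st.dst, st.src, sorted(get(st.stage, st.src)))
            for st in program if st.op == "sink" and get(st.stage, st.src)]


def compare(program):
    """Show what stage-by-stage analysis misses and what it reports spuriously."""
    whole = {(f[0], f[1]) for f in analyze(program, integrated=True)}
    split = {(f[0], f[1]) for f in analyze(program, integrated=False)}
    return {"missed_by_separate": sorted(whole - split),
            "spurious_in_separate": sorted(split - whole)}


if __name__ == "__main__":
    for mode in (True, False):
        print("integrated" if mode else "separate  ", analyze(PROGRAM, integrated=mode))
    print(compare(PROGRAM))
```

On this program the integrated run reports only the client-side `eval` sink (fed by `request.GET['q']` through the generated script), while the stand-alone run misses it and instead reports the `sql_query` sink, because it cannot see that the `id` parameter always carries the constant `page_id`. The two discrepancies correspond to the completeness gap and the excess false positives the abstract describes.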
Subjects
Data flow Analysis
Static Analysis
Security Vulnerability
Type
thesis
File(s)
Name
ntu-100-R98725050-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):121defe751ed8d188806a917f42945f1