ICSEA 2014, The Ninth International Conference on Software Engineering Advances


On the Automation of Vulnerabilities Fixing for Web Application

Authors:
Kabir Umar
Abu Bakar Sultan
Hazura Zulzalil
Novia Admodisastro
Mohd Taufik Abdullah

Keywords: Web application; Automated Vulnerabilities Fixing; Evolutionary Programming; SQL Injection

Abstract:
Testing web applications for detection and fixing of vulnerabilities has become an indispensable task in the web application development process. This task often consumes a lot of time, effort and other resources. The research community has devoted a considerable amount of effort to addressing this problem by proposing many techniques for automated vulnerability detection and fix generation for web applications. Many of these techniques can reliably detect vulnerabilities and generate fix(es), which can be applied to the web application’s code, by the developer, for possible fixing of the vulnerabilities. Hence, the actual code modifications that fix the vulnerabilities are not automated and have to be carried out manually. To the best of our knowledge, none of the existing automated techniques is able to do this, and hence the actual fixing of the vulnerabilities is left for the human developer to handle. In this paper, we propose a novel framework for automatic vulnerability fixing for web applications. We mimic the evolutionary idea and employ Evolutionary Programming to evolve web applications whose fitness is evaluated based on their ability to survive test attacks. The reliability of the resulting vulnerability-free web application can be further enhanced by co-evolving test sets with generations of web applications, in which the fitness of a test attack is evaluated based on its ability to break web applications.

Pages: 221 to 226

Copyright: Copyright (c) IARIA, 2014

Publication date: October 12, 2014

Published in: conference

ISSN: 2308-4235

ISBN: 978-1-61208-367-4

Location: Nice, France

Dates: from October 12, 2014 to October 16, 2014