Home // SOFTENG 2017, The Third International Conference on Advances and Trends in Software Engineering // View article

Integrating Static Taint Analysis in an Iterative Software Development Life Cycle

Authors:
Thomas Lie
Pål Ellingsen

Keywords: Taint Analysis; iterative development; software security; injection attacks

Abstract:
Web applications expose their host systems to the end-user. The nature of this exposure makes all Web applications susceptible to security vulnerabilities in various ways. Two of the top problems are information flow based, namely injection and cross-site scripting. A way to detect information flow based security flaws is by performing static taint analysis. The idea is that variables that can directly or indirectly be modified by the user are identified as tainted. If a tainted variable is used to execute a critical command, a potential security flaw is detected. In this paper, we study how to integrate static taint analysis in an iterative and incremental development process to detect information flow based security vulnerabilities.

Pages: 25 to 30

Copyright: Copyright (c) IARIA, 2017

Publication date: April 23, 2017

Published in: conference

ISSN: 2519-8394

ISBN: 978-1-61208-553-1

Location: Venice, Italy

Dates: from April 23, 2017 to April 27, 2017