Referenced Items are not available for this document.
Development organizations often do not have time to perform security fortification on every file in a product before release. One way of prioritizing security efforts is to use metrics to identify core business logic that could contain vulnerabilities, such as database interaction code. Database code is a source of SQL injection vulnerabilities, but importantly may be home to unrelated vulnerabilities. The goal of this research is to improve the prioritization of security fortification efforts by investigating the ability of SQL hotspots to be used as the basis for a heuristic for prediction of all vulnerability types. We performed empirical case studies of 15 releases of two open source PHP web applications: Word Press, a blogging application, and WikkaWiki, a wiki management engine. Using statistical analysis, we show that the more SQL hotspots a file contains per line of code, the higher the probability that file will contain any type of vulnerability.
Published in:
Software Testing, Verification and Validation (ICST), 2011 IEEE Fourth International Conference on
Date of Conference: 21-25 March 2011
- Page(s):
- 220 - 229
- E-ISBN :
- 978-0-7695-4342-0
- Print ISBN:
- 978-1-61284-174-8
- INSPEC Accession Number:
- 12008089
- Conference Location :
- Berlin
- Digital Object Identifier :
- 10.1109/ICST.2011.15
- Product Type:
- Conference Publications
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
