Impact of Coding Styles on Behaviours of Static Analysis Tools for Web Applications
Published in | 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S) pp. 55 - 56 |
---|---|
Main Authors | Medeiros, Iberia; Neves, Nuno |
Format | Conference Proceeding |
Language | English |
Published | IEEE, 01.06.2020 |
Subjects | coding styles; Cross-site scripting; Electronic mail; Encoding; Registers; software security; Static analysis; Static analysis tools; Web vulnerabilities |
Online Access | https://ieeexplore.ieee.org/document/9159173 |
Abstract | Web applications have become an essential resource for accessing the services of diverse subjects (e.g., financial, healthcare) available on the Internet. Despite the efforts that have been made on their security, namely the investigation of better techniques to detect vulnerabilities in their source code, the number of vulnerabilities exploited has not decreased. Static analysis tools (SATs) are often used to test the security of applications, since their outcomes can help developers correct the bugs they find. The investigation conducted on SATs found that they often generate errors (false positives (FP) and false negatives (FN)), whose cause is recurrently associated with very diverse coding styles, i.e., similar functionality implemented in distinct manners, and with programming practices that create ambiguity, such as the reuse and sharing of variables. Based on the common practice of using multiple forms in the same webpage and processing them in a single file, we defined a use case for user login and registration with six coding-style scenarios for processing their data, and evaluated the behaviour of three SATs (phpSAFE, RIPS and WAP) with them to verify and understand why SATs produce FP and FN. |
---|---|
Author | Medeiros, Iberia (LASIGE, Faculdade de Ciências da Universidade de Lisboa); Neves, Nuno (LASIGE, Faculdade de Ciências da Universidade de Lisboa) |
CODEN | IEEPAD |
ContentType | Conference Proceeding |
DOI | 10.1109/DSN-S50200.2020.00030 |
DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings; IEEE Xplore POP ALL; IEEE Xplore All Conference Proceedings; IEEE Electronic Library (IEL); IEEE Proceedings Order Plans (POP All) 1998-Present |
EISBN | 1728172608; 9781728172606 |
EndPage | 56 |
ExternalDocumentID | 9159173 |
Genre | orig-research |
IsPeerReviewed | false |
IsScholarly | true |
Language | English |
PageCount | 2 |
PublicationCentury | 2000 |
PublicationDate | 2020-Jun |
PublicationDateYYYYMMDD | 2020-06-01 |
PublicationDecade | 2020 |
PublicationTitle | 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S) |
PublicationTitleAbbrev | DSN-S |
PublicationYear | 2020 |
Publisher | IEEE |
StartPage | 55 |
SubjectTerms | coding styles; Cross-site scripting; Electronic mail; Encoding; Registers; software security; Static analysis; Static analysis tools; Web vulnerabilities |
Title | Impact of Coding Styles on Behaviours of Static Analysis Tools for Web Applications |
URI | https://ieeexplore.ieee.org/document/9159173 |