Reference : JoanAudit: A Tool for Auditing Common Injection Vulnerabilities
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/31717
JoanAudit: A Tool for Auditing Common Injection Vulnerabilities
English
Thome, Julian [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)]
Shar, Lwin Khin [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)]
Bianculli, Domenico [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)]
Sep-2017
11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering
ACM
Yes
International
ESEC/FSE 2017: 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering
from 04-09-2017 to 08-09-2017
Paderborn
Germany
[en] Security Auditing ; Static Analysis ; Vulnerability ; Automated Code Fixing
[en] JoanAudit is a static analysis tool that assists security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies the parts of the program code that are relevant for security and generates an HTML report that guides security auditors through the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities, as well as the standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code — cases where inputs are used directly in sinks without any form of sanitization — by applying standard sanitization procedures. Our evaluation shows that, by using JoanAudit, security auditors need to inspect only 1% of the total code when auditing for common injection vulnerabilities. The screen-cast demo is available at https://github.com/julianthome/joanaudit.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Fonds National de la Recherche - FnR
http://hdl.handle.net/10993/31717
10.1145/3106237.3122822
FnR ; FNR9132112 > Julian Thomé > HyVAn > A Scalable And Accurate Hybrid Vulnerability Analysis Framework > 01/09/2014 > 14/04/2018 > 2014

File(s) associated to this reference

Fulltext file(s):

File: esec-fse2017-demo.pdf
Commentary/Version: Author preprint
Size: 629.74 kB
Access: Open access

