Security Analysis of Java Web Applications Using String Constraint Analysis

Title: Security Analysis of Java Web Applications Using String Constraint Analysis
Author: Li, Louis
Citation: Li, Louis. 2015. Security Analysis of Java Web Applications Using String Constraint Analysis. Bachelor's thesis, Harvard College.
Abstract: Web applications are exposed to myriad security vulnerabilities related to malicious user string input. In order to detect such vulnerabilities in Java web applications, this project employs string constraint analysis, which approximates the values that a string variable in a program can take on. In string constraint analysis, program analysis generates string constraints -- assertions about the relationships between string variables. We design and implement a dataflow analysis for Java programs that generates string constraints and passes those constraints to the CVC4 SMT solver to find a satisfying assignment of string variables. Using example programs, we illustrate the feasibility of the system in detecting certain types of web application vulnerabilities, such as SQL injection and cross-site scripting.
Terms of Use: This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at http://nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of-use#LAA
Citable link to this page: http://nrs.harvard.edu/urn-3:HUL.InstRepos:14398534