Engineering school and research centre in digital sciences

Security vulnerabilities detection and protection using eclipse

Guarnieri, Marco; El-Khoury, Paul; Serme, Gabriel

ECLIPSE-IT 2011, 6th Workshop of the Italian Eclipse Community, September 22-23, 2011, Milano, Italy

After a decade of existence, Cross-site scripting, SQL Injection and other input-validation-related security vulnerabilities can still cause severe damage once exploited. To analyze this fact, an empirical study was conducted, while OWASP and SANS defined their respective risk-based approaches. Taking these results into consideration, three deficiencies can be highlighted: a lack of upskilling for developers, a high ratio of false positive findings in security code scanners and erroneous planning of security corrections. In this paper, we present how the Eclipse platform and the JDT compiler can be used to provide proper tooling to overcome these deficiencies. We present a static analyzer that assists developers in reporting these security vulnerabilities. We also show how we integrate an Aspect-Oriented tool for semi-automated correction of these findings. Both tools are designed within an architecture that is monitored by security experts and is particularly suited to agile development.

Document Bibtex

Title: Security vulnerabilities detection and protection using eclipse
Keywords: aop aspect-oriented-programming malformedinput secure programming security sqlinjection staticAnalysis xss
Type: Conference
Language: English
City: Milano
Country: Italy
Date:
Department: Digital Security
Eurecom ref: 3585
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in ECLIPSE-IT 2011, 6th Workshop of the Italian Eclipse Community, September 22-23, 2011, Milano, Italy and is available at:
Bibtex: @inproceedings{EURECOM+3585, year = {2011}, title = {{S}ecurity vulnerabilities detection and protection using eclipse}, author = {{G}uarnieri, {M}arco and {E}l-{K}houry, {P}aul and {S}erme, {G}abriel}, booktitle = {{ECLIPSE}-{IT} 2011, 6th {W}orkshop of the {I}talian {E}clipse {C}ommunity, {S}eptember 22-23, 2011, {M}ilano, {I}taly }, address = {{M}ilano, {ITALIE}}, month = {09}, url = {http://www.eurecom.fr/publication/3585} }