Security vulnerabilities detection and protection using eclipse

Guarnieri, Marco; El-Khoury, Paul; Serme, Gabriel
ECLIPSE-IT 2011, 6th Workshop of the Italian Eclipse Community, September 22-23, 2011, Milano, Italy

After a decade of existence, still, Cross-site scripting, SQL Injection and other of Input validation associated security vulnerabilities can cause severe damage once exploited. To analyze this fact, conducted an empirical study, while OWASP and SANS defined their respective risk-based approaches. Taking these results into consideration, three deficiencies can be highlighted: a lack of up skilling developers, a high ratio of false positive findings in security code scanners and an erroneous planning of security corrections. In this paper, we present how using the Eclipse platform and the JDT compiler, a proper tooling can be provided to overcome these deficiencies. We present a static analyzer that assists developers to report these security vulnerabilities. We show as well how we integrate an Aspect Oriented tool for semi-automated correction of these findings. Both tools are designed within an architecture that is monitored by security experts and particularly adequate for agile development.

 


Type:
Conférence
City:
Milano
Date:
2011-09-22
Department:
Sécurité numérique
Eurecom Ref:
3585
Copyright:
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in ECLIPSE-IT 2011, 6th Workshop of the Italian Eclipse Community, September 22-23, 2011, Milano, Italy
and is available at :
See also:

PERMALINK : https://www.eurecom.fr/publication/3585