Automatically fixing security vulnerabilities in Java code

Aharon Abadi, Ran Ettinger, Yishai A. Feldman, Mati Shomrat

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution - peer-review

3 Scopus citations

Abstract

Most kinds of security vulnerabilities in web applications can be fixed by adding appropriate sanitization methods. Finding the correct place for the sanitizers can be difficult due to complicated data and control flow. Fixing SQL injection vulnerabilities may require more complex transformations, such as replacing uses of Statement by PreparedStatement, which could include some code motion. We have developed algorithms to place sanitizers correctly, as well as to transform Statement to PreparedStatement. These have been implemented as "quick fixes" in an Eclipse plugin that works together with a commercial tool that discovers security vulnerabilities in web applications.
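The Statement-to-PreparedStatement rewrite the abstract describes, shown as an added illustration in Java (constructed for this page, not code from the paper or its Eclipse plugin; the UserLookup class and the users table and its columns are assumed):

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class UserLookup {

    // BEFORE: the SQL text is assembled from untrusted input, so a crafted name
    // changes the structure of the query rather than just the compared value.
    static ResultSet findUserUnsafe(Connection conn, String name) throws SQLException {
        String query = "SELECT id, email FROM users WHERE name = '";
        query += name;                   // untrusted input spliced into SQL text
        query += "'";
        Statement stmt = conn.createStatement();
        return stmt.executeQuery(query); // Statement: query text and data are mixed
    }

    // AFTER: the transformation the abstract describes. The query becomes a fixed
    // string with a '?' placeholder; because a PreparedStatement must exist before
    // a parameter can be bound, statement creation moves up to the point where the
    // text is complete, and each concatenation of a value becomes a setXxx call at
    // that same point (the "code motion" the abstract refers to).
    static ResultSet findUserSafe(Connection conn, String name) throws SQLException {
        String query = "SELECT id, email FROM users WHERE name = ?";
        PreparedStatement stmt = conn.prepareStatement(query);
        stmt.setString(1, name);         // the driver transmits the value as data, never as SQL
        return stmt.executeQuery();
    }
}
```

The rewrite is only valid where the concatenated fragment sits in a value position; a table name, column name or ORDER BY direction cannot be turned into a bind parameter and needs a different fix (an allow-list of permitted identifiers).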

Original language: English
Title of host publication: SPLASH'11 Compilation - Proceedings of OOPSLA'11, Onward! 2011, GPCE'11, DLS'11, and SPLASH'11 Companion
Pages: 3-4
Number of pages: 2
DOIs
State: Published - 22 Nov 2011
Externally published: Yes
Event: ACM International Conference on Systems, Programming, Languages, and Applications: Software for Humanity, SPLASH'11 - Portland, OR, United States
Duration: 22 Oct 2011 to 27 Oct 2011

Publication series

Name: SPLASH'11 Compilation - Proceedings of OOPSLA'11, Onward! 2011, GPCE'11, DLS'11, and SPLASH'11 Companion

Conference

Conference: ACM International Conference on Systems, Programming, Languages, and Applications: Software for Humanity, SPLASH'11
Country/Territory: United States
City: Portland, OR
Period: 22/10/11 to 27/10/11

Keywords

  • Quick fix
  • Security

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
