Detection and Correction of Software Vulnerabilities in Java Code

  • K.P.Lavanya Department of Computer Science and Engineering, East Point College of Engineering & Technology, Bangalore, Karnataka, India.
  • B.Vishwanatha Department of Computer Science and Engineering, East Point College of Engineering & Technology, Bangalore, Karnataka, India.
  • Anirban Basu Department of Computer Science and Engineering, East Point College of Engineering & Technology, Bangalore, Karnataka, India.
Keywords: Vulnerability, SecCheck, CWE, Degree of Insecurity, Mitigation

Abstract

Flaws in design and coding cause most security vulnerabilities in software. A vulnerability is a defect in the source code that can be exploited to compromise the program. A vulnerability is the intersection of three aspects: a system susceptibility or defect, attacker access to the flaw, and attacker capability to exploit the defect. Effort is required to protect software against malicious attempts to exploit these weaknesses so that it continues to function correctly under prospective threats. It is essential that these vulnerabilities are not only detected but also corrected. This paper discusses a tool developed by the authors which not only detects software vulnerabilities but also provides solutions for correcting them. The tool also calculates the Degree of Insecurity in a Java program, a measure first defined in.

References

Common Weakness Enumeration (CWE), http://www.cwe.mitre.org

Priyadarshini R., Nivedita Ghosh and Anirban Basu, A Tool for Detection of Vulnerabilities and for Measuring Insecurity in Java Programs, International Journal of Software Engineering, 7(2) (2014), 67-93.

Park Foreman, Vulnerability Management, Auerbach Publications, 2009.

Mitigating Software Vulnerabilities, Microsoft, http://download.microsoft.com/download/5/0/5/505646ED-5EDF-4E23-8E84 6119E4BF82E0/Mitigating Software Vulnerabilities.pdf

A. Agrawal and R. A. Khan, A Framework to Detect and Analyze Software Vulnerabilities - Development Phase Perspective, International Journal of Recent Trends in Engineering, 2(2) (2009), 82-84.

Downloading Code Without Integrity Check, http://cwe.mitre.org/data/definitions/494.html

Embedding Malicious Code, http://cwe.mitre.org/data/definitions/506.html

Exposure of Private Information, http://cwe.mitre.org/data/definitions/359.html

Absolute Path Traversal, http://cwe.mitre.org/data/definitions/36.html

Missing XML Validation, http://cwe.mitre.org/data/definitions/112.html

Improper Neutralization of Input During Web Page Generation, http://cwe.mitre.org/data/definitions/79.html

Missing Encryption of Sensitive Data, http://cwe.mitre.org/data/definitions/311.html

Public cloneable() Method Without Final, http://cwe.mitre.org/data/definitions/491.html

Storing Passwords in a Recoverable Format, http://cwe.mitre.org/data/definitions/257.html

Assignment to Variable Without Use, http://cwe.mitre.org/data/definitions/257.html

Untrusted Search Path, http://cwe.mitre.org/data/definitions/426.html

Unchecked Return Value, http://cwe.mitre.org/data/definitions/252.html

How to Cite
K.P.Lavanya, B.Vishwanatha, & Anirban Basu. (2015). Detection and Correction of Software Vulnerabilities in Java Code. International Journal of Current Research in Science and Technology, 1(7), 19-27. Retrieved from https://crst.gfer.org/index.php/crst/article/view/35