On the automation of vulnerabilities fixing for web application
Testing Web applications for detection and fixing of vulnerabilities has become an indispensable task in web applications’ development process. This task often consumes a lot of time, efforts and other resources. The research community have devoted considerable amount of efforts to address this prob...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2014
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/38901/1/38901.pdf http://psasir.upm.edu.my/id/eprint/38901/ http://www.thinkmind.org/download.php?articleid=icsea_2014_9_20_10088 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Testing Web applications for detection and fixing of vulnerabilities has become an indispensable task in web applications’ development process. This task often consumes a lot of time, efforts and other resources. The research community have devoted considerable amount of efforts to address this problem by proposing many techniques for automated vulnerabilities detection and fix generation for web application. Many of these techniques can reliably detect vulnerabilities and generate fix(es), which can be applied to the web application’s code, by the developer, for possible fixing of the vulnerabilities. Hence, the actual code modifications that fix the vulnerabilities is not automated and has to be carried out manually. To the best of our knowledge, none of the existing automated techniques is able to do this, and hence the actual fixing of the vulnerabilities is left for the human developer to handle. In this paper, we propose a novel framework for automatic vulnerabilities fixing for web application. We mimic evolutionary idea and employ Evolutionary Programming to evolve web applications whose fitness is evaluated based on their ability to survive test attacks. The reliability of the resulting vulnerabilities-free web application can be further enhanced by co-evolving test sets with generations of web applications in which the fitness of test attack is evaluated based on its ability to break web applications. |
|---|