Citation
Umar, Kabir and Md Sultan, Abu Bakar and Zulzalil, Hazura and Admodisastro, Novia and Abdullah @ Selimun, Mohd Taufik
(2014)
On the automation of vulnerabilities fixing for web application.
In: The 9th International Conference on Software Engineering Advances (ICSEA 2014), 12-16 Oct. 2014, Nice, France. (pp. 221-226).
Abstract
Testing Web applications for detection and fixing of vulnerabilities has become an indispensable task in web applications’ development process. This task often consumes a lot of time, efforts and other resources. The research community have devoted considerable amount of efforts to address this problem by proposing many techniques for automated vulnerabilities detection and fix generation for web application. Many of these techniques can reliably detect vulnerabilities and generate fix(es), which can be applied to the web application’s code, by the developer, for possible fixing of the vulnerabilities. Hence, the actual code modifications that fix the vulnerabilities is not automated and has to be carried out manually. To the best of our knowledge, none of the existing automated techniques is able to do this, and hence the actual fixing of the vulnerabilities is left for the human developer to handle. In this paper, we propose a novel framework for automatic vulnerabilities fixing for web application. We mimic evolutionary idea and employ Evolutionary Programming to evolve web applications whose fitness is evaluated based on their ability to survive test attacks. The reliability of the resulting vulnerabilities-free web application can be further enhanced by co-evolving test sets with generations of web applications in which the fitness of test attack is evaluated based on its ability to break web applications.
Download File
Additional Metadata
Actions (login required)
|
View Item |