UPM Institutional Repository

On the automation of vulnerabilities fixing for web application


Umar, Kabir and Md Sultan, Abu Bakar and Zulzalil, Hazura and Admodisastro, Novia and Abdullah @ Selimun, Mohd Taufik (2014) On the automation of vulnerabilities fixing for web application. In: The 9th International Conference on Software Engineering Advances (ICSEA 2014), 12-16 Oct. 2014, Nice, France. (pp. 221-226).


Testing Web applications for detection and fixing of vulnerabilities has become an indispensable task in web applications’ development process. This task often consumes a lot of time, efforts and other resources. The research community have devoted considerable amount of efforts to address this problem by proposing many techniques for automated vulnerabilities detection and fix generation for web application. Many of these techniques can reliably detect vulnerabilities and generate fix(es), which can be applied to the web application’s code, by the developer, for possible fixing of the vulnerabilities. Hence, the actual code modifications that fix the vulnerabilities is not automated and has to be carried out manually. To the best of our knowledge, none of the existing automated techniques is able to do this, and hence the actual fixing of the vulnerabilities is left for the human developer to handle. In this paper, we propose a novel framework for automatic vulnerabilities fixing for web application. We mimic evolutionary idea and employ Evolutionary Programming to evolve web applications whose fitness is evaluated based on their ability to survive test attacks. The reliability of the resulting vulnerabilities-free web application can be further enhanced by co-evolving test sets with generations of web applications in which the fitness of test attack is evaluated based on its ability to break web applications.

Download File

[img] PDF
Restricted to Repository staff only

Download (224kB)

Additional Metadata

Item Type: Conference or Workshop Item (Paper)
Divisions: Faculty of Computer Science and Information Technology
Keywords: Web application; Automated vulnerabilities fixing; Evolutionary programming; SQL injection
Depositing User: Nursyafinaz Mohd Noh
Date Deposited: 19 Jun 2015 07:58
Last Modified: 08 Jun 2016 08:31
URI: http://psasir.upm.edu.my/id/eprint/38901
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item