Locating SQL Injection Vulnerabilities in Java Byte Code Using Natural Language Techniques
Title | Locating SQL Injection Vulnerabilities in Java Byte Code Using Natural Language Techniques |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Jackson, K. A., Bennett, B. T. |
Conference Name | SoutheastCon 2018 |
ISBN Number | 978-1-5386-6133-8 |
Keywords | code analysis, code analysis tools, Collaboration, Decision trees, Human Behavior, human factors, Java, Java byte code, Java program, Metrics, natural language processing, natural language techniques, policy-based governance, program diagnostics, pubcrawl, python, resilience, Resiliency, Safe Coding, Secure Coding, security, security of data, singular decision trees, Software, software vulnerabilities, source code (software), SQL, SQL Injection, SQL injection vulnerabilities, Standards, text mining, Tools |
Abstract | With so much of our daily lives relying on digital devices like personal computers and cell phones, there is a growing demand for code that not only functions properly, but is secure and keeps user data safe. However, ensuring this is not such an easy task, and many developers do not have the required skills or resources to ensure their code is secure. Many code analysis tools have been written to find vulnerabilities in newly developed code, but this technology tends to produce many false positives, and is still not able to identify all of the problems. Other methods of finding software vulnerabilities automatically are required. This proof-of-concept study applied natural language processing on Java byte code to locate SQL injection vulnerabilities in a Java program. Preliminary findings show that, due to the high number of terms in the dataset, using singular decision trees will not produce a suitable model for locating SQL injection vulnerabilities, while random forest structures proved more promising. Still, further work is needed to determine the best classification tool. |
URL | https://ieeexplore.ieee.org/document/8478870 |
DOI | 10.1109/SECON.2018.8478870 |
Citation Key | jackson_locating_2018 |
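Illustration of the pipeline the abstract describes, added here as an example and not code from the paper or its authors: disassembled method bodies are treated as documents, each opcode mnemonic and each owner.member reference becomes a term, and a classifier is trained on term presence. The method listings are constructed (javap -c style, with the symbolic operand javap prints after `// Method`; class `App`, field `App.conn` and helper `App.log` are made up), and the classifier is a single ID3 decision tree written from scratch on the Python standard library. The paper reports that single trees did not scale to its term count and that random forests were more promising; the toy below shows one reason a lone tree is brittle even on a handful of methods: with many terms that separate the four training documents equally well, it keys on one sink term (`Connection.createStatement`) and then flags a constant query with no user input as injectable.

```python
import math
from collections import Counter

# Constructed, javap -c style method bodies (illustrative, not from the paper). Operands are the
# symbolic references javap prints; a ":descriptor" suffix, if present, is ignored by terms().
SQLI_CONCAT = [  # "SELECT ... WHERE id = " + id, executed through java.sql.Statement
    "new java/lang/StringBuilder", "dup", "invokespecial java/lang/StringBuilder.<init>",
    'ldc "SELECT * FROM users WHERE id = "', "invokevirtual java/lang/StringBuilder.append",
    "aload_1", "invokevirtual java/lang/StringBuilder.append",
    "invokevirtual java/lang/StringBuilder.toString", "astore_2", "aload_0", "getfield App.conn",
    "invokeinterface java/sql/Connection.createStatement", "aload_2",
    "invokeinterface java/sql/Statement.executeQuery", "areturn",
]
SQLI_FORMAT = [  # String.format("DELETE ... token = '%s'", token), executed through Statement
    'ldc "DELETE FROM sessions WHERE token = \'%s\'"', "iconst_1", "anewarray java/lang/Object",
    "dup", "iconst_0", "aload_1", "aastore", "invokestatic java/lang/String.format", "astore_2",
    "aload_0", "getfield App.conn", "invokeinterface java/sql/Connection.createStatement",
    "aload_2", "invokeinterface java/sql/Statement.executeUpdate", "pop", "return",
]
SAFE_LOOKUP = [  # prepareStatement("... WHERE id = ?"); setString(1, id); executeQuery()
    "aload_0", "getfield App.conn", 'ldc "SELECT * FROM users WHERE id = ?"',
    "invokeinterface java/sql/Connection.prepareStatement", "astore_2", "aload_2", "iconst_1",
    "aload_1", "invokeinterface java/sql/PreparedStatement.setString", "aload_2",
    "invokeinterface java/sql/PreparedStatement.executeQuery", "areturn",
]
SAFE_DELETE = [  # StringBuilder used only for a log line; the token is bound with setString
    "new java/lang/StringBuilder", "dup", "invokespecial java/lang/StringBuilder.<init>",
    'ldc "revoking session "', "invokevirtual java/lang/StringBuilder.append", "aload_1",
    "invokevirtual java/lang/StringBuilder.append", "invokevirtual java/lang/StringBuilder.toString",
    "invokestatic App.log", "aload_0", "getfield App.conn",
    'ldc "DELETE FROM sessions WHERE token = ?"', "invokeinterface java/sql/Connection.prepareStatement",
    "astore_2", "aload_2", "iconst_1", "aload_1", "invokeinterface java/sql/PreparedStatement.setString",
    "aload_2", "invokeinterface java/sql/PreparedStatement.executeUpdate", "pop", "return",
]
TRAIN = [(SQLI_CONCAT, "sqli"), (SQLI_FORMAT, "sqli"), (SAFE_LOOKUP, "safe"), (SAFE_DELETE, "safe")]

def terms(instructions):
    """Bag of terms for one method: each opcode mnemonic, plus the owner.member reference
    of its operand. String constants and the ':descriptor' suffix are dropped."""
    bag = Counter()
    for ins in instructions:
        parts = ins.split(None, 1)
        bag[parts[0]] += 1
        if len(parts) == 2 and not parts[1].startswith('"'):
            bag[parts[1].split(":", 1)[0]] += 1
    return bag

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def build_tree(docs, labels, depth=0, max_depth=4):
    """ID3 on term-presence features. Returns a label, or (term, subtree_if_present, subtree_if_absent).
    Terms are visited in sorted order so ties between equally good splits resolve deterministically."""
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or depth == max_depth:
        return majority
    base, best_gain, best_term = entropy(labels), 0.0, None
    for term in sorted({t for d in docs for t in d}):
        yes = [l for d, l in zip(docs, labels) if term in d]
        no = [l for d, l in zip(docs, labels) if term not in d]
        if not yes or not no:
            continue
        gain = base - (len(yes) * entropy(yes) + len(no) * entropy(no)) / len(labels)
        if gain > best_gain:
            best_gain, best_term = gain, term
    if best_term is None:
        return majority
    split = [(d, l) for d, l in zip(docs, labels) if best_term in d]
    rest = [(d, l) for d, l in zip(docs, labels) if best_term not in d]
    return (best_term,
            build_tree([d for d, _ in split], [l for _, l in split], depth + 1, max_depth),
            build_tree([d for d, _ in rest], [l for _, l in rest], depth + 1, max_depth))

def predict(tree, doc):
    while isinstance(tree, tuple):
        term, if_present, if_absent = tree
        tree = if_present if term in doc else if_absent
    return tree

TREE = build_tree([terms(d) for d, _ in TRAIN], [l for _, l in TRAIN])

def classify(instructions):
    return predict(TREE, terms(instructions))

# Held-out methods, also constructed: an unseen concatenation idiom, and a constant query.
HELD_OUT_CONCAT = [  # "SELECT ... WHERE email = ".concat(email), executed through Statement
    'ldc "SELECT * FROM users WHERE email = "', "aload_1", "invokevirtual java/lang/String.concat",
    "astore_2", "aload_0", "getfield App.conn", "invokeinterface java/sql/Connection.createStatement",
    "aload_2", "invokeinterface java/sql/Statement.executeQuery", "areturn",
]
HELD_OUT_CONSTANT = [  # no attacker-controlled input at all, yet the tree still flags it
    "aload_0", "getfield App.conn", "invokeinterface java/sql/Connection.createStatement",
    'ldc "SELECT COUNT(*) FROM users"', "invokeinterface java/sql/Statement.executeQuery", "areturn",
]

if __name__ == "__main__":
    print("learned tree:", TREE)
    for name, doc in [("concat", HELD_OUT_CONCAT), ("constant", HELD_OUT_CONSTANT)]:
        print(name, "->", classify(doc))
```

On these four training methods the learned tree is a single split on `java/sql/Connection.createStatement`: the unseen `String.concat` variant is correctly classified as injectable, but so is the constant `SELECT COUNT(*)` query, because nothing in the term bag tells the tree whether a parameter flowed into the query string. A real corpus has far more terms and more such equally good splits, which is the situation the abstract reports a single tree handling poorly; ensembles such as random forests average over many such arbitrary choices, and adding data-flow aware terms (whether `aload_<param>` reaches the string passed to the sink) is the kind of feature engineering that would be needed to separate the two held-out cases.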