Source Code Analysis to Remove Security Vulnerabilities in Java Socket Programs: A Case Study
@article{Meghanathan2013SourceCA, title={Source Code Analysis to Remove Security Vulnerabilities in Java Socket Programs: A Case Study}, author={Natarajan Meghanathan}, journal={ArXiv}, year={2013}, volume={abs/1302.1338} }
This paper presents the source code analysis of a file reader server socket program (connection-oriented sockets) developed in Java, to illustrate the identification, impact analysis and solutions to remove five important software security vulnerabilities, which if left unattended could severely impact the server running the software and also the network hosting the server. The five vulnerabilities we study in this paper are: (1) Resource Injection, (2) Path Manipulation, (3) System Information…
7 Citations
Automatic vulnerability detection and repair
- Computer Science
- 2018
This dissertation proposes CDRep, which is a novel tool for automatically repairing cryptographic misuse defects, and explores the feasibility of designing practical scheme to learn fix patterns automatically, which was VuRLE, which not only generates templates automatically, but also targets on multiple types of vulnerabilities.
VuRLE: Automatic Vulnerability Detection and Repair by Learning from Examples
- Computer Science, ESORICS
- 2017
A new tool, called VuRLE, for automatic detection and repair of vulnerabilities, which uses the context patterns to detect vulnerabilities, and customizes the corresponding edit patterns to repair them.
Sharing and Preserving Coding Best Practices through Programmer Data Analytics
- Computer Science, 2018 18th International Conference on Advances in ICT for Emerging Regions (ICTer)
- 2018
This particular research tried to contribute to the field of software architecture by analyzing the feasibility of using machine data to identify the developer coding patterns and related data and provide a mechanism to enhance the skills of a developer.
Security Framework for Enterprise Resource Planning
- Computer Science
- 2020
This chapter deals with the security and its structure for the ERP that can be utilized to address all applicable security perspectives inside an association and to guarantee that it shapes a…
“FOR YOUTH FOR LIFE” AN ONLINE EDUCATION SYSTEM USABILITY AND SECURITY IMPROVEMENT
- Computer Science
- 2015
The water needs of this region have changed in recent years from being primarily for agricultural purposes to domestic and industrial uses now, with a decline in the number of wells and the amount of water needs has increased.
Attacks on the Industrial Internet of Things - Development of a multi-layer Taxonomy
- Computer Science, Comput. Secur.
- 2020
Securing Web Applications through a Framework of Source Code Analysis
- Computer Science
- 2019
This paper proposes a framework for securing web applications through source code analysis that helps to examine the web application source code related to security issues and suggests changes to the source code to make it more secure.
References
Secure Programming with Static Analysis
- Computer Science, Economics
- 2007
The First Expert Guide to Static Analysis for Software Security!Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost…
Static Code Analysis to Detect Software Security Vulnerabilities - Does Experience Matter?
- Computer Science, 2009 International Conference on Availability, Reliability and Security
- 2009
It is found that average developers do not correctly identify the security warnings and only developers with specific experiences are better than chance in detecting the security vulnerabilities.
How to Break Software
- Computer Science
- 2000
A subset of the attacks, conceived after studying hundreds of real software bugs and generalizing their cause and cause, are described and used to find real bugs in released products.
Detecting type errors and secure coding in C/C++ applications
- Computer Science, ACS/IEEE International Conference on Computer Systems and Applications - AICCSA 2010
- 2010
A dynamic analysis mechanism to detect type errors in modules of C/C++ code using aspect-oriented programming is proposed.
Taxonomy of static code analysis tools
- Computer Science, The 33rd International Convention MIPRO
- 2010
The purpose of this article is not to show which static code analysis tool is superior and which not, but to construct a taxonomy of static code analysis tools to understand features and assets of the static code analysis tools.
Assessing the effectiveness of static code analysis
- Computer Science
- 2006
An analysis of the effectiveness of nearly 10 years efforts of additional independent SCA assurance on a large software intensive project is presented.
19 deadly sins of software security : programming flaws and how to fix them
- Biology
- 2005
This chapter discusses how to deal with Buffer Overflows, Format String Problems, and Poor Usability in the context of SQL Injection.
Comparison of Static Code Analysis Tools
- Computer Science, 2009 Third International Conference on Emerging Security Information, Systems and Technologies
- 2009
This paper compares three static code analysis tools: Fortify SCA, Splint, and Frama-C, which represent three different approaches in the field of static analysis: non-annotation based heuristic analyzers, and an annotation based correct analyzer.
Dynamic software security testing
- Computer Science, IEEE Security & Privacy
- 2006
Current software security techniques aren't able to produce the secure systems demanded by our increasingly interconnected society, so there persists the need for a more effective and scalable…
Learning from Software Security Testing
- Computer Science, 2008 IEEE International Conference on Software Testing Verification and Validation Workshop
- 2008
A software security testing scheme is proposed that exploits an intra-organisational repository of discovered vulnerabilities that closes the loop after the testing of one application is complete, providing useful input to the next application to be tested.