Among the various facets of cybersecurity, software security plays a crucial role. This requires assessing the security of programs and web applications that are exposed to the external world and are consequently potential targets of attacks such as SQL injection, cross-site scripting, boundary violations, and command injection. The OWASP Benchmark Project developed a Java benchmark that contains thousands of test programs featuring such security breaches. Its goal is to measure the ability of an analysis tool to identify vulnerabilities and its precision. We present how the Julia static analyzer, a sound tool based on abstract interpretation, performs on this benchmark in terms of soundness and precision. We discuss the details of its security analysis, which is built on a taint analysis of data implemented through binary decision diagrams.
|Publication date:||2017|
|Title:||Security Analysis of the OWASP Benchmark with Julia|
|Book title:||Proceedings of the First Italian Conference on Cybersecurity (ITASEC17)|
|Appears in categories:||4.1 Conference proceedings paper|