Article, Jan 1, 2006, Closed access

Pixy: a static analysis tool for detecting Web application vulnerabilities

University of Vienna

Indexed in Crossref

Abstract

The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable Web applications by means of static source code analysis. More precisely, we use flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program. In addition, alias and literal analysis are employed to improve the correctness and precision of the results. The presented concepts are…

Citation impact

  • Total citations: 717
  • FWCI: 75.08
  • Percentile: 100%
  • References: 25

Authors

3

Topics & keywords

Keywords
  • Computer science
  • Cross-site scripting
  • Scripting language
  • SQL injection
  • Static analysis
  • Correctness
  • Taint checking
  • Web application