An Enhanced Static Taint Analysis Approach to Detect Input Validation Vulnerability

Abstract

The detection of feasible paths helps to minimize the false positive rate. However, the previous works did not consider the feasibility of the program paths during the analysis detection of input validation vulnerabilities, which led to false positive results. They also needed to validate the usage of the proper sanitization functions for each context of the user input. Therefore, we proposed an enhanced static taint analysis approach to analyse the source code and track the tainted inputs in the program. It started by examining the source code to find the feasibility of each path in the program. The tainted variables were tracked through the analysis until the sink statement, which executes the tainted variables. An algorithm was built to enhance the static analyzer to handle the variables handling functions in PHP. The proposed approach was evaluated with SARD datasets and large-scale PHP programs. The results indicated that the precision in detecting XSS vulnerability was approximately 44% better than WAP and 26% better than RIPS, and its precision in detecting SQL injection was about 10% better than WAP and 19% better than RIPS. Furthermore, the proposed approach outperformed previous symbolic execution studies regarding the number of detected vulnerabilities.