Abstract
With the continuous development of J2EE technology, frequent attacks using security vulnerabilities in web applications have caused enormous economic loss to theusers. Dynamic taint tracking is an important part to analyze the program dynamically. In this paper, we put forward a new dynamic solution in the Java virtual machine, warning external attacks and recording specific taint propagation path. This scheme combines static analysis techniques to collect reachable source-derivation-sink taint flow and reduce the runtime overhead. With the help of AOP (aspect-oriented programming) technology, we could only insert monitor codes to interested taint paths to improve the efficiency of instrumentation. Finally, we implemented this dynamic taint tracking approach to explore SQL injection and XSS vulnerabilities in web applications based on the Java Servlet Specification and proved practicality.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
