Abstract

Web application security is an important problem in today’s Internet. A major cause of this is that many developers are not equipped with the right skills to develop secure code. Because of limited time and resources, web engineers need help in recognizing vulnerable components. A useful approach to predict vulnerable code would allow them to prioritize security-auditing efforts. In this work, we compare the performance of different classification techniques in predicting vulnerable PHP files and propose an application of these classification rules. We performed empirical case studies on three large open source web-projects. Software metrics are investigated whether they are discriminative and predictive of vulnerable code, and can guide actions for improvement of code and development team and can prioritize validation and verification efforts. The results indicate that the metrics are discriminative and predictive of vulnerabilities.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A Comparison of Nano-Patterns vs. Software Metrics in Vulnerability Prediction
Kazi Zakia Sultana ... Amiangshu Bosu
-
Kazi Zakia Sultana, et. al.Kazi Zakia Sultana ... Amiangshu Bosu
01 Dec 2018
Using software metrics for predicting vulnerable classes and methods in Java projects: A machine learning approach
Kazi Zakia Sultana ... Vaibhav Anu
Journal of Software: Evolution and Process | VOL. 33
Kazi Zakia Sultana, et. al.Kazi Zakia Sultana ... Vaibhav Anu
07 Aug 2020
Improving real-world vulnerability characterization with vulnerable slices
Solmaz Salimi ... Maryam Ebrahimzadeh
-
Solmaz Salimi, et. al.Solmaz Salimi ... Maryam Ebrahimzadeh
08 Nov 2020
Investigating the Changes in Software Metrics after Vulnerability is Fixed
Andy Zhou ... Bharath K Samanthula
-
Andy Zhou, et. al.Andy Zhou ... Bharath K Samanthula
15 Dec 2021
View more papers

More From: International Journal of Security and Its Applications

Paper Title
Journal
Date
Author
Capturing Security Mechanisms Applied to Ecommerce: An Analysis of Transaction Security
Ranie B Canlas
International Journal of Security and Its Applications | VOL. 15
Ranie B CanlasRanie B Canlas
31 Mar 2021
-
-
International Journal of Security and Its Applications | VOL. 15
--
31 Mar 2021
Blockchain Approach to Cyber Security Vulnerabilities Attacks and Potential Countermeasures
Bosubabu Samban ... Molli Srinivasa Rao
International Journal of Security and Its Applications | VOL. 14
Bosubabu Samban, et. al.Bosubabu Samban ... Molli Srinivasa Rao
31 Mar 2020
Mitigation of Wireless Body Area Networks Challenges using Cooperation
Zeeshan Haider ... Aleena Ajaz
International Journal of Security and Its Applications | VOL. 14
Zeeshan Haider, et. al.Zeeshan Haider ... Aleena Ajaz
31 Mar 2020
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.