Abstract

The number and importance of web applications are growing quickly, and the impact of vulnerabilities in web applications is growing with them. Automated tools are urgently needed because manual code review is inefficient and error-prone. However, previous static detection tools lack alias analysis between variables in code, which leads to false positives and false negatives. To address this problem, we propose a set of sound and precise alias analysis algorithms that perform both intraprocedural and interprocedural alias analysis, and we apply them to an existing static detection system. Experiments on practical open source web applications and on manually written test cases show that the system with alias analysis handles complex alias relationships accurately and detects alias-related vulnerabilities with greater precision. Moreover, the impact of alias analysis on the system's scanning speed is negligible.
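To make the abstract's central claim concrete, the following added example (not code from the paper or its detection system) shows why a taint analysis without alias information produces both false negatives and false positives. It is a toy intraprocedural analysis over a constructed three-address-style program in which `ref` models a PHP reference assignment (`$b = &$a`); the alias-aware mode maps every variable to a storage location and keys taint by location, while the alias-unaware mode treats a reference like a plain copy. The statement vocabulary, the `analyze` function and the two sample programs are assumptions made for this illustration.

```python
"""Toy alias-aware vs. alias-unaware taint analysis (added illustration, not the paper's code)."""
from typing import Dict, List, Tuple

Stmt = Tuple[str, ...]  # ("source", v) | ("assign", dst, src) | ("ref", dst, src) | ("sanitize", v) | ("sink", v)


class TaintAnalysis:
    def __init__(self, alias_aware: bool) -> None:
        self.alias_aware = alias_aware
        self.loc: Dict[str, str] = {}        # variable -> storage location it currently names
        self.tainted: Dict[str, bool] = {}   # storage location -> taint flag

    def _loc(self, var: str) -> str:
        # Each variable starts out naming its own private location.
        return self.loc.setdefault(var, var)

    def _get(self, var: str) -> bool:
        return self.tainted.get(self._loc(var), False)

    def _set(self, var: str, value: bool) -> None:
        # Writing through an alias updates the shared location, so every alias sees it.
        self.tainted[self._loc(var)] = value

    def run(self, program: List[Stmt]) -> List[int]:
        """Return the indices of sink statements that receive tainted data."""
        findings: List[int] = []
        for index, stmt in enumerate(program):
            op = stmt[0]
            if op == "source":                       # $v = $_GET[...]
                self._set(stmt[1], True)
            elif op == "assign":                     # $dst = $src  (value copy)
                self._set(stmt[1], self._get(stmt[2]))
            elif op == "ref":                        # $dst = &$src (reference)
                if self.alias_aware:
                    # dst now names src's location; its old location is abandoned.
                    self.loc[stmt[1]] = self._loc(stmt[2])
                else:
                    # Alias-unaware tools see only a copy at this point in time.
                    self._set(stmt[1], self._get(stmt[2]))
            elif op == "sanitize":                   # $v = htmlspecialchars($v)
                self._set(stmt[1], False)
            elif op == "sink":                       # echo $v
                if self._get(stmt[1]):
                    findings.append(index)
            else:
                raise ValueError(f"unknown statement: {stmt}")
        return findings


def analyze(program: List[Stmt], alias_aware: bool) -> List[int]:
    return TaintAnalysis(alias_aware).run(program)


# Constructed sample: $b = &$a; $a = $_GET['x']; echo $b;
# The data reaches the sink only through the alias, so ignoring the reference misses it.
FALSE_NEGATIVE_CASE: List[Stmt] = [
    ("ref", "b", "a"),
    ("source", "a"),
    ("sink", "b"),
]

# Constructed sample: $a = $_GET['x']; $b = &$a; $b = htmlspecialchars($b); echo $a;
# Sanitizing through the alias cleans the shared location, so $a is safe at the sink.
FALSE_POSITIVE_CASE: List[Stmt] = [
    ("source", "a"),
    ("ref", "b", "a"),
    ("sanitize", "b"),
    ("sink", "a"),
]

# Constructed sample with a value copy instead of a reference: $a = $_GET['x']; $b = $a;
# $b = htmlspecialchars($b); echo $a;  Here $a really is still tainted, so both modes report it.
COPY_CASE: List[Stmt] = [
    ("source", "a"),
    ("assign", "b", "a"),
    ("sanitize", "b"),
    ("sink", "a"),
]

if __name__ == "__main__":
    for name, prog in [("false negative", FALSE_NEGATIVE_CASE),
                       ("false positive", FALSE_POSITIVE_CASE),
                       ("value copy", COPY_CASE)]:
        print(f"{name:14s} alias-aware={analyze(prog, True)} alias-unaware={analyze(prog, False)}")
```

The alias-aware run reports the sink in `FALSE_NEGATIVE_CASE` and stays silent on `FALSE_POSITIVE_CASE`; the alias-unaware run does the opposite, which is exactly the pair of errors the abstract attributes to tools without alias analysis. Extending the location map across call boundaries (parameters passed by reference, returned references) is what the interprocedural part of such an analysis has to handle.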
