Abstract

Source code analysis is becoming extremely important for the universal acceptance of web applications because automated source code analysis tools play a key role in identifying and fixing security-related vulnerabilities. This paper proposes a framework for securing web applications through source code analysis. The framework has three prescriptive phases: executing and monitoring, classifying and controlling, and refining and managing. The framework helps to examine web application source code for security issues. The executing and monitoring phase employs five different open source tools for statically analyzing the source code. According to the literature, there are nine broad categories of vulnerabilities in web applications. After filtering these vulnerabilities, the classifying and controlling phase categorizes them according to their severity level with the help of a fuzzy analytical analysis process and suggestive measures. The refining and managing phase takes these measures and suggests changes to the source code to make it more secure. The framework was validated on a web-based hospital management system. The results of the validation showed that implementing the framework made the source code more robust against upcoming vulnerabilities and bugs.

Highlights

  • Web applications, with their ubiquitous and ever-increasing usage, have become an inseparable part of our everyday lives

  • Source code analysis is one of the most significant actions to determine the vulnerabilities during the Web Application Development Life Cycle (WADLC) (Chess and McGraw, 2004)

  • The increasing number of web security breach incidents has imposed the need to find a direction for optimizing source code analysis so that it produces secure code (Meghanathan, 2013)


Summary

Introduction

Web applications, with their ubiquitous and ever-increasing usage, have become an inseparable part of our everyday lives. Security problems persist because there are gaps between code analysis, updated vulnerability databases and the developers' re-engineering process. During the implementation of phase 1, security vulnerabilities are detected in the source code of web applications through five different open source scanning tools: Arachni (2018), FindBugs (2015), SonarLint (2017), EasyPMD (2015) and JArchitect (2018). Phase 3 refines the process of managing web security for developers.

Literature Review
Summary of the Contributions
Findings
Discussion
Conclusion