Proceedings of the 2022 International Conference on Bigdata Blockchain and Economy Management (ICBBEM 2022)

<Previous Article In Volume
Next Article In Volume>

Effective Dynamic Taint Analysis of Java Web Applications

Authors
Yan Huang1, *, Chaohui He2, Chenglong He1, Chaoyong Wang1
1School of Software, Xi’an Jiao-Tong University, Xi’an, Shaanxi, China
2School of Energy and Power Engineering, Xi’an Jiao-Tong University, Xi’an, Shaanxi, China
*Corresponding author. Email: hy1273383167@stu.xjtu.edu.cn
Corresponding Author
Yan Huang
Available Online 20 December 2022.
DOI
10.2991/978-94-6463-030-5_97How to use a DOI?
Keywords
Dynamic Taint Analysis; Vulnerability Discovery; Computer Technology; Dataflow Analysis; Web Security
Abstract

With the rapid development of the Internet, network security is the most important issue for businesses and people. Vulnerabilities caused by user input and not treated harmlessly are the easiest to be exploited by hackers. In this paper, a tool named FastTaint is implemented, by using the principle of dynamic taint analysis, the vulnerability detection rate is high and the false positive rate is extremely low. First, the FastTaint tool is based on the proxy mode of behavior injection mode; then there are different instrumentation strategies for Source, Propagator, Sanitizer and Sink to make the detection range more accurate; finally, the taint is marked at the object level and the vulnerability is determined at the leaking point. The FastTaint tool abandons the traditional firewall that relies on the characteristics of requests to detect attacks and creatively uses Interactive Application Security Testing (IAST) technology. It is injected directly into the protected application’s service to provide real-time, function-level protection, and can update the strategy without updating and detect or prevent unknown vulnerabilities without updating the protected application’s code. Experiments show that this tool can quickly and efficiently detect multiple vulnerabilities without requiring the source code, FastTaint can detect multiple vulnerabilities, such as SQL Injection, Cross-Site Request Scripting, Path Traversal, Insecure Forwarding, XPath Injection, OS Injection, SSRF and other vulnerabilities.

Copyright
© 2023 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Download article (PDF)

<Previous Article In Volume
Next Article In Volume>
Volume Title
Proceedings of the 2022 International Conference on Bigdata Blockchain and Economy Management (ICBBEM 2022)
Series
Atlantis Highlights in Intelligent Systems
Publication Date
20 December 2022
ISBN
10.2991/978-94-6463-030-5_97
ISSN
2589-4919
DOI
10.2991/978-94-6463-030-5_97How to use a DOI?
Copyright
© 2023 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Cite this article

risenwbib
TY  - CONF
AU  - Yan Huang
AU  - Chaohui He
AU  - Chenglong He
AU  - Chaoyong Wang
PY  - 2022
DA  - 2022/12/20
TI  - Effective Dynamic Taint Analysis of Java Web Applications
BT  - Proceedings of the 2022 International Conference on Bigdata Blockchain and Economy Management (ICBBEM 2022)
PB  - Atlantis Press
SP  - 987
EP  - 997
SN  - 2589-4919
UR  - https://doi.org/10.2991/978-94-6463-030-5_97
DO  - 10.2991/978-94-6463-030-5_97
ID  - Huang2022
ER  -