Java Security Vulnerabilities Detection with Static Analysis
G.L. Cheng
Security in software plays an important role in today's society as computer networking is
getting more and more important. Security measures are taken to protect private information,
but bad programming practices can still cause security vulnerabilities in software systems.
Source code analysis tools can be used to detect such security vulnerabilities automatically.
The use of these tools helps to improve the quality and security of software systems and could
prevent future problems.
The class of security vulnerabilities called input validation vulnerabilities can be detected
using static taint analysis. The design and implementation of such a tool are the subject of
this paper. This tool detects input validation vulnerabilities in source code written in the Java
programming language. This paper also describes in detail how to deal with complexities
related to the object-oriented nature of Java.
The tool first derives a graph-structured model from the source code. This graph-structured
model captures data dependency relations between important program elements. This graph
model is then analyzed using taint analysis to detect potential input validation vulnerabilities.
MSc project performed in the context of the
ASSESS Project.
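
The two stages described in the abstract (a data-dependency graph, then taint analysis over it) can be illustrated with the following added example, which is not the paper's tool or code. The graph, the Java fragment it models, and the choice of sources, sinks and sanitizer are all constructed assumptions; the field node `User.name` shows taint flowing through object state.

```python
from collections import deque

# Constructed data-dependency graph for a hypothetical Java servlet fragment.
# An edge a -> b means "the value of b is computed from the value of a".
EDGES = {
    'request.getParameter("name")': ["name"],
    'request.getParameter("id")': ["id"],
    "name": ["user.setName(name)"],
    "user.setName(name)": ["User.name"],   # write to an object field
    "User.name": ["user.getName()"],       # later read of the same field
    "user.getName()": ["q1"],              # q1 = "SELECT ... " + user.getName()
    "q1": ["stmt.executeQuery(q1)"],
    "id": ["Integer.parseInt(id)"],
    "Integer.parseInt(id)": ["q2"],        # q2 = "SELECT ... " + parsed int
    "q2": ["stmt.executeQuery(q2)"],
}
# Assumed classification of program elements (not taken from the paper).
SOURCES = {'request.getParameter("name")', 'request.getParameter("id")'}
SINKS = {"stmt.executeQuery(q1)", "stmt.executeQuery(q2)"}
SANITIZERS = {"Integer.parseInt(id)"}


def find_tainted_paths(edges, sources, sinks, sanitizers):
    """Return a shortest source-to-sink path for every sink that a source
    reaches without passing through a sanitizer node."""
    findings = []
    for src in sorted(sources):
        parent = {src: None}               # doubles as the visited set
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node in sinks:
                path = []
                while node is not None:    # walk parents back to the source
                    path.append(node)
                    node = parent[node]
                findings.append(path[::-1])
                continue
            for succ in edges.get(node, []):
                # Taint stops at sanitizers, so they are never enqueued.
                if succ not in parent and succ not in sanitizers:
                    parent[succ] = node
                    queue.append(succ)
    return findings


if __name__ == "__main__":
    for path in find_tainted_paths(EDGES, SOURCES, SINKS, SANITIZERS):
        print(" -> ".join(path))
```

Only the `name` flow is reported; the `id` flow is cut at the sanitizer node before it reaches the second query.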