Efficient Code Clone Analysis to Detect Vulnerability in Dynamic Web Applications
K.R. Vineetha1 , N.S. Krishna2
Section:Review Paper, Product Type: Journal Paper
Volume-4 ,
Issue-11 , Page no. 57-60, Nov-2016
Online published on Nov 29, 2016
Copyright © K.R. Vineetha , N.S. Krishna . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
View this paper at Google Scholar | DPI Digital Library
How to Cite this Paper
- IEEE Citation
- MLA Citation
- APA Citation
- BibTex Citation
- RIS Citation
IEEE Style Citation: K.R. Vineetha , N.S. Krishna, “Efficient Code Clone Analysis to Detect Vulnerability in Dynamic Web Applications,” International Journal of Computer Sciences and Engineering, Vol.4, Issue.11, pp.57-60, 2016.
MLA Style Citation: K.R. Vineetha , N.S. Krishna "Efficient Code Clone Analysis to Detect Vulnerability in Dynamic Web Applications." International Journal of Computer Sciences and Engineering 4.11 (2016): 57-60.
APA Style Citation: K.R. Vineetha , N.S. Krishna, (2016). Efficient Code Clone Analysis to Detect Vulnerability in Dynamic Web Applications. International Journal of Computer Sciences and Engineering, 4(11), 57-60.
BibTex Style Citation:
@article{Vineetha_2016,
author = {K.R. Vineetha , N.S. Krishna},
title = {Efficient Code Clone Analysis to Detect Vulnerability in Dynamic Web Applications},
journal = {International Journal of Computer Sciences and Engineering},
issue_date = {11 2016},
volume = {4},
Issue = {11},
month = {11},
year = {2016},
issn = {2347-2693},
pages = {57-60},
url = {https://www.ijcseonline.org/full_paper_view.php?paper_id=1107},
publisher = {IJCSE, Indore, INDIA},
}
RIS Style Citation:
TY - JOUR
UR - https://www.ijcseonline.org/full_paper_view.php?paper_id=1107
TI - Efficient Code Clone Analysis to Detect Vulnerability in Dynamic Web Applications
T2 - International Journal of Computer Sciences and Engineering
AU - K.R. Vineetha , N.S. Krishna
PY - 2016
DA - 2016/11/29
PB - IJCSE, Indore, INDIA
SP - 57-60
IS - 11
VL - 4
SN - 2347-2693
ER -
VIEWS | XML | |
1482 | 1414 downloads | 1490 downloads |
Abstract
In this system an approach to clone analysis and Vulnerability detection for Web applications has been proposed together with a prototype implementation for web pages. Our approach analyzes the page structure, implemented by specific sequences of HTML tags, and the content displayed for both dynamic and static pages. Moreover, for a pair of web pages we also consider the similarity degree of their java source. The similarity degree can be adapted and tuned in a simple way for different web applications. We have reported the results of applying our approach and tool in a case study. The results have confirmed that the lack of analysis and design of the Web application has effect on the duplication of the pages. In particular, these results allowed us to identify some common features for the web pages that could be integrated, by deleting the duplications and code clones. Moreover, the clone analysis and Vulnerability detection of the pages enabled to acquire information to improve the general quality and conceptual/design of the database of the web application. Indeed, we plan to exploit the results of the code clone analysis method to support web application reengineering activities.
Key-Words / Index Term
Vulnerability Detection, Code Clone, Dynamic Webpages, Duplication
References
[1] J. Anvik, L. Hiew, and G.C. Murphy, �Coping with an Open Vulnerability Repository,� Proc. OOPSLA Workshop Eclipse Technology eXchange, 2005.
[2] J. Anvik, L. Hiew, and G.C. Murphy, �Who Should Fix This Vulnerability?� Proc. 28th Int�l Conf. Software Eng. (ICSE �06), 2006.
[3] N. Bettenburg, R. Premraj, T. Zimmermann, and S. Kim, �Duplicate Vulnerability Reports Considered Harmful; Really?� Proc. IEEE 24th Int�l Conf. Software Maintenance (ICSM �08), 2008.
[4] J. Davidson, N. Mohan, and C. Jensen, �Coping with Duplicate Vulnerability Reports in Free/Open Source Software Projects,� Proc. IEEE Symp. Visual Languages and Human-Centric Computing (VL/HCC �11), 2011.
[5] P. Runeson, M. Alexandersson, and O. Nyholm, �Detection of Duplicate Defect Reports Using Natural Language Processing,� Proc. 29th Int�l Conf. Software Eng. 2007
[6] A.J. Ko, B.A. Myers, and D.H. Chau, �A Linguistic Analysis of How People Describe Software Problems,� Proc. IEEE Symp. Visual Languages and Human-Centric Computing (VL-HCC �06), 2006
[7] N. Bettenburg, S. Just, A. Schr�oter, C. Weiss, R. Premraj, and T. Zimmermann, �What Makes a Good Vulnerability Report?� Proc. 16th Int�l Symp. Foundations of Software Eng. (FSE �08), 2008
[8] S. Breu, R. Premraj, J. Sillito, and T. Zimmermann, �Information Needs in Vulnerability Reports: Improving Cooperation between Developers and Users,� Proc. ACM Conf. Computer Supported Cooperative Work (CSCW �10), 2010
[9] R.J. Sandusky and L. Gasser, �Negotiation and the Coordination of Information and Activity in Distributed Software Problem Management,� Proc. Int�l ACM SIGGROUP Conf. Supporting Group Work (GROUP �05), 2005
[10] D. Bertram, A. Voida, S. Greenberg, and R. Walker, �Communication, Collaboration, and Vulnerabilities: The Social Nature of Issue Tracking in Small, Collocated Teams,� Proc. ACM Conf. Computer Supported Cooperative Work (CSCW �10), 2010.
[11] R. Lotufo, Z.Malik, andK. Czarnecki, �Modelling the �Hurried� Vulnerability Report Reading Process to Summarize Vulnerability Reports,� Proc. IEEE 28th Int�l Conf. Software Maintenance (ICSM�12), 2012.
[12] S. Mani, R. Catherine, V.S. Sinha, and A. Dubey, �AUSUM: Approach for Unsupervised Vulnerability Report Summarization,� Proc. ACM SIGSOFT 20th Int�l Symp. the Foundations of Software Eng. (FSE �12), article 11, 2012
[13] S. Haiduc, J. Aponte, L. Moreno, and A. Marcus, �On the Use of Automated Text Summarization Techniques for Summarizing Source Code,� Proc. 17th Working Conf. Reverse Eng. (WCRE �10), pp. 35-44, 2010
[14] G. Sridhara, E. Hill, D. Muppaneni, L. Pollock, and K. Vijay Shanker, �Towards Automatically Generating Summary Comments for Java Methods,� Proc. 25th Int�l Conf. Automated Software Eng. (ASE �10), pp. 43-52, 2010
[15] Jyotsnamayee Upadhyaya, Namita Panda and Arup Abhinna Acharya �Attack Generation and Vulnerability Discovery in Penetration Testing using Sql Injection � International Journal of Computer Science and Engineering ,Volume-2, Issue-3 ,E-ISSN: 2347-2693 , 2014