Paper
6 May 2022
Research on Web application injection vulnerabilities detection method based on pattern matching
Qican Ma, Zehui Wu, Xinlei Wang, Qiang Wei
Proceedings Volume 12176, International Conference on Algorithms, Microchips and Network Applications; 121761E (2022) https://doi.org/10.1117/12.2636397
Event: International Conference on Algorithms, Microchips, and Network Applications 2022, 2022, Zhuhai, China
Abstract
Attackers can exploit vulnerabilities in web applications to carry out malicious acts such as corrupting application functionality or implanting Trojan horses. For injection vulnerabilities in web applications, existing detection methods are limited by the variety of programming languages involved and by the difficulty of extracting the semantic information needed to detect complex vulnerabilities. This paper proposes a pattern-matching method for identifying injection vulnerabilities in web applications: it modifies the code property graph so that it can represent the more complex inter-procedural (cross-function) relationships found in web applications, and thereby turns vulnerability identification into path matching in a graph database. We designed and implemented a prototype system, VulnFinder. Using 100 randomly selected high-star open-source GitHub projects as the performance-testing dataset, VulnFinder found 262 real vulnerabilities. In comparison experiments with the static scanning tools RIPS and Cobra, VulnFinder far exceeded both in vulnerability-determination accuracy, reaching 94% accuracy on the dataset. When scanning large projects, VulnFinder was approximately 21% more efficient than RIPS, the tool with the most comparable methodology.
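The abstract states the core idea only at a high level: code is lifted into a code property graph, relationships between functions are added so that data can be followed across calls, and an injection vulnerability becomes a path in that graph from a user-controlled source to a dangerous sink with no sanitiser in between. The following Python is an added illustration of that idea, not code from the paper or from VulnFinder: it builds a miniature graph for a constructed PHP-like program (given as a small statement IR rather than parsed source), links call arguments to the callee's parameters so that taint crosses the call boundary, and reports every source-to-sink path that is not neutralised by a sanitiser. The source, sink and sanitiser lists, the sample program and the `concat` placeholder for string concatenation are all assumptions made for this example.

```python
"""Injection detection as path matching over a miniature code property graph.

Added example for this page, not the paper's VulnFinder code. The PHP-like
program below is constructed for illustration and is given as an IR of
(target, callee, args) statements so that no PHP parser is needed; "concat"
stands in for string concatenation.
"""
from collections import defaultdict

# Assumed source / sink / sanitiser lists for the example.
SOURCES = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}
SINKS = {"mysql_query": "SQL injection", "system": "command injection"}
SANITIZERS = {"intval", "mysqli_real_escape_string", "escapeshellarg"}

PROGRAM = {                                   # constructed sample program
    "main": {"params": [], "body": [
        ("$id",   None,     ["$_GET"]),        # $id   = $_GET['id'];
        ("$name", None,     ["$_POST"]),       # $name = $_POST['name'];
        ("$safe", "intval", ["$id"]),          # $safe = intval($id);
        (None,    "lookup", ["$safe"]),        # lookup($safe);   sanitised call site
        (None,    "lookup", ["$name"]),        # lookup($name);   tainted call site
        ("$host", None,     ["$_GET"]),        # $host = $_GET['host'];
        (None,    "system", ["$host"]),        # system("ping " . $host);
    ]},
    "lookup": {"params": ["$q"], "body": [
        ("$sql", "concat",      ["$q"]),       # $sql = "SELECT ... WHERE n='" . $q . "'";
        (None,   "mysql_query", ["$sql"]),     # mysql_query($sql);
    ]},
}


class CPG:
    """Nodes are statements or parameters; edges are data-flow and call edges."""

    def __init__(self):
        self.nodes = {}                 # id -> {"func", "label", "tags", "vuln"}
        self.succ = defaultdict(list)   # id -> [successor ids]

    def add(self, func, label, tags=(), vuln=None):
        nid = len(self.nodes)
        self.nodes[nid] = {"func": func, "label": label, "tags": set(tags), "vuln": vuln}
        return nid

    def edge(self, src, dst):
        self.succ[src].append(dst)


def build_cpg(program):
    g = CPG()
    # Parameter nodes first, so a call site in any function can link to them.
    params = {(f, p): g.add(f, f"param {p}", {"param"})
              for f, fn in program.items() for p in fn["params"]}
    for fname, fn in program.items():
        last_def = {p: params[(fname, p)] for p in fn["params"]}   # reaching definitions
        for target, callee, args in fn["body"]:
            tags = set()
            if any(a in SOURCES for a in args):
                tags.add("source")
            if callee in SANITIZERS:
                tags.add("sanitizer")
            if callee in SINKS:
                tags.add("sink")
            rhs = f"{callee}({', '.join(args)})" if callee else ", ".join(args)
            nid = g.add(fname, f"{target} = {rhs}" if target else rhs, tags, SINKS.get(callee))
            for a in args:                      # intra-procedural data flow: def -> use
                if a in last_def:
                    g.edge(last_def[a], nid)
            if callee in program:               # inter-procedural: argument i -> parameter i
                for i, p in enumerate(program[callee]["params"]):
                    if i < len(args):
                        g.edge(nid, params[(callee, p)])
            if target:
                last_def[target] = nid
    return g


def match_injections(g):
    """Pattern: source ~> sink along graph edges with no sanitiser on the path.

    Simple paths are enumerated per source, so the sanitised and the tainted
    call sites of the same function are judged separately even though both
    flow into the same parameter node."""
    findings = []
    for s, d in g.nodes.items():
        if "source" not in d["tags"]:
            continue
        stack = [(s, [s])]
        while stack:
            node, path = stack.pop()
            data = g.nodes[node]
            if "sanitizer" in data["tags"]:
                continue                        # neutralised; do not extend this path
            if "sink" in data["tags"]:
                findings.append((data["vuln"], [g.nodes[n]["label"] for n in path]))
            for nxt in g.succ[node]:
                if nxt not in path:
                    stack.append((nxt, path + [nxt]))
    return findings


if __name__ == "__main__":
    for vuln, path in match_injections(build_cpg(PROGRAM)):
        print(f"{vuln}: " + " -> ".join(path))
```

Run on the constructed program, the query reports two findings: the SQL injection that reaches `mysql_query` inside `lookup` through the second, unsanitised call, and the command injection in `main`; the first call to `lookup` produces nothing because `intval` sits on its path. A tool at the scale the abstract describes would additionally need return-value edges, call-site context (here a returned value would be matched to every call site of the function) and a real front end for the target language, which is exactly the part the paper says makes web applications hard to analyse.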
© (2022) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Qican Ma, Zehui Wu, Xinlei Wang, and Qiang Wei "Research on Web application injection vulnerabilities detection method based on pattern matching", Proc. SPIE 12176, International Conference on Algorithms, Microchips and Network Applications, 121761E (6 May 2022); https://doi.org/10.1117/12.2636397
KEYWORDS: Databases; Prototyping; Mining; Analytical research; Computer programming; Computer programming languages; Data processing