Static detection of logic vulnerabilities in Java web applications

Authors

  • Zhejun Fang,

    1. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, China
  • Yuqing Zhang,

    Corresponding author
    1. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, China
    • Correspondence: Yuqing Zhang, National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing 100049, China.

      E-mail: zhangyq@gucas.ac.cn

  • Ying Kong,

    1. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, China
  • Qixu Liu

    1. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, China

ABSTRACT

This paper concerns logic vulnerabilities that result from faulty logic in a web application. Logic vulnerabilities typically accompany the exposure of unexpected functionalities and lead to the bypass of intended constraints. From a semantic perspective, logic vulnerabilities occur when mistakes arise in the control flows guarding the processes that invoke critical functionalities. In this paper, we propose the first lightweight static analysis approach to automatically detect logic vulnerabilities in Java web applications. Logic errors in our approach are characterized as erroneous invocations of functionalities. A program-slicing technique is leveraged to capture the processes that invoke critical functionalities. A newly designed back-tracing algorithm extracts the control flows guarding these functionality-invocation processes. Finally, logic vulnerability detection is transformed into mining abnormal functionality-invocation processes within a cluster of similar ones by comparing the processes' control flows. We implemented our approach in a prototype tool named logic vulnerability detector and evaluated it on seven real-world applications ranging from thousands to a million lines of code. The evaluation results show that our approach achieves greater coverage with acceptable cost and better scalability than previous approaches. Copyright © 2013 John Wiley & Sons, Ltd.
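The detection step described in the abstract (cluster the invocation processes of one critical functionality, then flag the process whose guarding control flow deviates from its siblings) can be modelled on a small scale. The following is an added illustrative example, not the authors' logic vulnerability detector: the invocation sites, the call names and the guard conditions are constructed, and guards are represented as the set of conditions a back-tracing pass would have collected on the path to each call site.

```python
from collections import Counter

# Constructed sample (not from the paper): one entry per invocation process
# of a critical functionality, with the control-flow conditions guarding it.
INVOCATIONS = [
    {"site": "AdminServlet.doPost:42", "function": "UserDao.deleteUser",
     "guards": {"session.isAuthenticated()", "user.hasRole('admin')"}},
    {"site": "AdminApi.handle:88", "function": "UserDao.deleteUser",
     "guards": {"session.isAuthenticated()", "user.hasRole('admin')"}},
    {"site": "ProfileServlet.doGet:17", "function": "UserDao.deleteUser",
     "guards": {"session.isAuthenticated()"}},  # role check absent
    {"site": "OrderServlet.doPost:30", "function": "OrderDao.placeOrder",
     "guards": {"session.isAuthenticated()", "cart.isNonEmpty()"}},
]


def cluster_by_function(invocations):
    """Group invocation processes that reach the same critical functionality."""
    clusters = {}
    for inv in invocations:
        clusters.setdefault(inv["function"], []).append(inv)
    return clusters


def find_abnormal(cluster, min_support=2):
    """Flag members whose guard set lacks a condition that guards at least
    `min_support` invocations in the same cluster (the majority pattern)."""
    counts = Counter(g for inv in cluster for g in inv["guards"])
    findings = []
    for inv in cluster:
        missing = {g for g, n in counts.items()
                   if n >= min_support and g not in inv["guards"]}
        if missing:
            findings.append({"site": inv["site"], "function": inv["function"],
                             "missing_guards": sorted(missing)})
    return findings


def detect(invocations, min_support=2):
    """Run the comparison over every cluster that has siblings to compare."""
    findings = []
    for cluster in cluster_by_function(invocations).values():
        if len(cluster) < 2:
            continue  # a lone invocation has no peers, so no baseline
        findings.extend(find_abnormal(cluster, min_support))
    return findings


if __name__ == "__main__":
    for f in detect(INVOCATIONS):
        print(f"{f['site']} -> {f['function']} lacks {f['missing_guards']}")
```

A real analysis must also normalize syntactically different but equivalent guard conditions before comparing them; here conditions are compared as literal strings, which is the toy model's main simplification.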
