Open Access
Automated server-side model for recognition of security vulnerabilities in scripting languages
Author(s) - Rabab Farouk Abdel-Kader, Moshaat, Mohamed I. Habib, Hani Mahdi
Publication year - 2020
Publication title - International Journal of Power Electronics and Drive Systems/International Journal of Electrical and Computer Engineering
Language(s) - English
Resource type - Journals
eISSN - 2722-2578
pISSN - 2722-256X
DOI - 10.11591/ijece.v10i6.pp6061-6070
Subject(s) - cross site scripting, computer science, scripting language, web application security, web application, computer security, secure coding, security bug, computer security model, web server, world wide web, application security, software security assurance, web service, web development, security service, information security, the internet, operating system
With the increase in global accessibility of web applications, maintaining a reasonable security level for both user data and server resources has become an extremely challenging issue. Therefore, static code analysis systems can help web developers to reduce time and cost. In this paper, a new static analysis model is proposed. This model is designed to discover security problems in scripting languages. The proposed model is implemented in a prototype, SCAT, which is a static code analysis tool. SCAT applies the phases of the proposed model to catch security vulnerabilities in PHP 5.3. Empirical results attest that the proposed prototype is feasible and is able to contribute to the security of real-world web applications. SCAT managed to detect 94% of security vulnerabilities found in the testing benchmarks; this clearly indicates that the proposed model is able to provide an effective solution for complicated web systems by offering the benefits of securing private data for users and maintaining web application stability for web application providers.
