Title: "Finding Security Vulnerabilities in Web-Applications with Static Analysis"

Page(s): 42-46
Authors: S. Senthilkumar, V. Vignesh, M. Sathya Prakash, K. Rejini


Abstract— The security of Web applications has become increasingly important in the last decade. Web-based enterprise applications deal with sensitive financial and medical data. Web applications are therefore built with security as a major priority, since highly confidential data needs to be secured and it is crucial to protect these applications from hacker attacks. A recent study has shown that attackers have been using two vulnerability classes to hack web applications: SQL injection (SQLi) and cross-site scripting (XSS). SQL injections are caused by unchecked user input being passed to a back-end database for execution, and cross-site scripting occurs when dynamically generated Web pages display input that has not been properly validated. The existing system finds all vulnerabilities matching a specification in the statically analyzed code. The results of our static analysis are presented to the user for assessment in an auditing interface, and we also propose a static analysis approach based on a scalable and precise points-to analysis. The extensive experimental results are congruent with the theoretical analysis.

Keywords — SQL Injection, Cross-Site Scripting, Web Application Security, Detection of security attacks, Application Security Prevention Techniques.