Open Access. Powered by Scholars. Published by Universities.®
Programming Languages and Compilers Commons™
Full-Text Articles in Programming Languages and Compilers
JoanAudit: A Tool For Auditing Common Injection Vulnerabilities, Julian Thome, Lwin Khin Shar, Domenico Bianculli, Lionel Briand
Research Collection School Of Computing and Information Systems
JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for security and generates an HTML report to guide security auditors in auditing the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities and standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code — cases where inputs are directly used in sinks without any form …