Publication: Smart Source code Analyzer to Detect Security Vulnerabilities
Type: Thesis
Date: 2021
Abstract
Web-based applications are especially exposed to unauthorized access. In recent years organizations have come to depend on web applications to carry out their business activities and to share sensitive information among their owners. To address security problems (cyber-attacks, threats), organizations spend large sums on penetration testing and vulnerability assessments of their IT resources. According to the OWASP ratings, the most vulnerable areas in web development include Injection, Broken authentication, Sensitive data exposure, XML external entities (XXE), Broken access control, Security misconfiguration, Cross-site scripting (XSS) and Insecure deserialization; these are among the top vulnerabilities that can occur in a web application.

An SQL injection attack can destroy a web application or any online application. SQL injection (SQLi) lets attackers access, modify or delete sensitive information in the application's back-end database without authorization. It is also possible to run arbitrary commands through SQL injection, and because these run with high system privileges the impact is highly critical. Most SQL injection attacks originate from dynamically generated user input. There are normally several ways to write the same code, and some of them are vulnerable to attack, especially to SQL injection, because of unprepared coding and failure to follow secure coding standards. For example, SQL injection prevention code can be written using prepared statements; in Java the safer method against SQL injection is the prepared statement. As an example, the input [email: ' OR '1' = '1  Password: ' OR '1' = '1] makes the code generate the query [SELECT userid FROM employee WHERE id = '1' OR '1' = '1' AND password = '1' OR '1' = '1'], whose WHERE clause always evaluates to TRUE [2]. The attacker can therefore log into the system without a valid login id and password, and can go on to retrieve sensitive information or metadata about the database schema such as database names, table names, table field names and table field data types. This is a major issue and harmful for applications.

Cross-Site Scripting (XSS) is the most famous attack type, in which hackers insert malicious code samples into the client side of a web application (JavaScript code aimed at the front end, not an attack on the host server). These attacks mostly happen because content is not properly validated. They are mostly used to retrieve user sessions, session tokens, sensitive information and cookies, hijack accounts, spread web worms, access browser history and clipboard contents, control the web browser remotely, and scan and exploit internal network applications. The majority of web sites, for example 70% of them, are vulnerable to XSS attacks. XSS can be classified into two types, namely reflected XSS and stored XSS. It involves inserting malicious JavaScript code into a web application URL [3]. These problems arise from insecure software writing. Many software engineers are not aware of secure coding standards and focus only on development, but the most critical and important thing is the security of the web application, and it should be addressed at the development stage. This research therefore aims to identify security vulnerabilities in software code; a future enhancement of this research is to suggest the most suitable alternative secure lines of code.

In my research I focus mostly on SQL injection: finding the varieties of SQL injection and the preventive ways of writing SQL queries. Apart from that, I can collect more details about further vulnerabilities that can occur in web applications or code, such as buffer overflows and XSS attacks. These are fed into vulnerability database tables, and the prevention methods for those vulnerabilities are stored in another database table. I am going to design a web application that allows a user to paste their code; the user can then check whether it has security problems, with a tooltip displayed describing the security issue in the code, and generate a report about the vulnerability. I develop this in PHP as the web language with MySQL as the database management system. There are several tables holding sample code with security issues as well as the correct way of writing the code that prevents the related security problem. There are several ways to identify the code a developer pastes into my web page, such as abstract syntax trees, code comparison and hash key generation. I use arrays to collect the pasted code as tokens, which is similar to an abstract syntax tree. Before comparing, I develop a function that identifies which kind of vulnerability exists in the pasted code; for this I have another special database table holding keywords specific to each kind of vulnerability, for example SQL keywords such as select and insert. If a select query is found in the pasted code, I proceed to the next comparison, which checks whether the code has a security problem by comparing the tokenized code against the vulnerability database tables and the database tables of correct and best-practice secure coding. In this project I try to cover the SQL injection vulnerability: finding all types of SQL injection attack, collecting vulnerable code and feeding it into my database table. Up to now the tool checks PHP code; in future I can enhance it to other languages.
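To make the login bypass described in the abstract concrete, here is an added example (not code from the thesis, whose tool is written in PHP): the concatenated query and its prepared-statement counterpart run side by side against a constructed in-memory SQLite table. The `employee` table layout with `userid`, `id` and `password` columns is assumed from the query quoted in the abstract; the rows, the `sqlite3` back-end and the function names are my own choices.

```python
import sqlite3

# Constructed in-memory stand-in for the application's back-end database.
# The 'employee' table shape is assumed from the query quoted in the abstract;
# the rows are made up.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employee (userid INTEGER PRIMARY KEY, id TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO employee (id, password) VALUES (?, ?)",
        [("alice@example.com", "s3cret"), ("bob@example.com", "hunter2")],
    )
    return conn


def build_query_unsafe(email, password):
    """The concatenation pattern the abstract warns about: user input becomes
    part of the SQL text, so quotes inside the input turn into SQL syntax."""
    return (
        "SELECT userid FROM employee WHERE id = '" + email
        + "' AND password = '" + password + "'"
    )


def login_unsafe(conn, email, password):
    """Returns the userids matched by the concatenated query."""
    return [row[0] for row in conn.execute(build_query_unsafe(email, password))]


def login_prepared(conn, email, password):
    """Same lookup with a prepared (parameterised) statement: the values are
    bound separately from the SQL text, so the input can never change the
    WHERE clause, whatever characters it contains."""
    sql = "SELECT userid FROM employee WHERE id = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (email, password))]


TAUTOLOGY = "' OR '1'='1"  # the input quoted in the abstract

if __name__ == "__main__":
    conn = make_db()
    # AND binds tighter than OR, so the generated WHERE clause is always true.
    print(build_query_unsafe(TAUTOLOGY, TAUTOLOGY))
    print("unsafe  :", login_unsafe(conn, TAUTOLOGY, TAUTOLOGY))    # every row
    print("prepared:", login_prepared(conn, TAUTOLOGY, TAUTOLOGY))  # no row
```

Running it prints the generated query, then every `userid` for the concatenated version and an empty list for the prepared one; the valid credentials work identically through both paths, which is the point of the prepared statement.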
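The token-and-keyword approach the abstract describes, as an added example and not the thesis's own PHP implementation: a Python scanner that tokenizes pasted PHP into an array of tokens, propagates taint from the request superglobals through simple assignments, applies the keyword check first, and then reports lines that build an SQL string from tainted input together with the suggestion from the prevention table. The keyword, taint-source and prevention tables are in-memory stand-ins for the thesis's MySQL tables, the sample PHP is constructed, and all function names are my own.

```python
import re

# Constructed stand-ins for the thesis's MySQL tables (not the project's real
# schema): the SQL keyword table, the list of taint sources and the
# prevention table that holds the secure alternative.
SQL_KEYWORDS = {"select", "insert", "update", "delete"}
TAINT_SOURCES = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}
PREVENTION = {
    "sql_injection": (
        "Bind user input with a prepared statement, e.g. "
        "$stmt = $pdo->prepare('SELECT userid FROM employee WHERE id = ?'); "
        "$stmt->execute([$id]);"
    ),
}

# A small PHP-flavoured tokenizer: string literals, variables (with an optional
# [index]), bare words, and one- or two-character operators.
TOKEN_RE = re.compile(
    r"""(?P<string>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
      |(?P<var>\$[A-Za-z_]\w*(?:\[[^\]]*\])?)
      |(?P<word>[A-Za-z_]\w*)
      |(?P<op>\.=|->|\S)""",
    re.VERBOSE,
)
INTERP_RE = re.compile(r"\$[A-Za-z_]\w*")  # names PHP interpolates inside "..."


def tokenize(line):
    """One line of PHP -> list of (kind, text) pairs, the token array the
    thesis compares against its tables."""
    return [(m.lastgroup, m.group()) for m in TOKEN_RE.finditer(line)]


def base_name(var):
    """$_GET['id'] -> $_GET: the taint source is the array, not the index."""
    return var.split("[", 1)[0]


def starts_sql(string_tok):
    """True if a string literal opens with an entry of the keyword table."""
    words = string_tok[1:-1].strip().split()
    return bool(words) and words[0].lower() in SQL_KEYWORDS


def vars_mixed_into_sql(toks):
    """Variables that reach the SQL text: operands of '.' / '.=' concatenation
    plus names interpolated inside double-quoted literals (single-quoted PHP
    strings do not interpolate, so they are deliberately skipped)."""
    found = set()
    for i, (kind, text) in enumerate(toks):
        if kind == "op" and text in (".", ".="):
            for j in (i - 1, i + 1):
                if 0 <= j < len(toks) and toks[j][0] == "var":
                    found.add(base_name(toks[j][1]))
        elif kind == "string" and text.startswith('"'):
            found.update(INTERP_RE.findall(text))
    return found


def scan(php_source):
    """Line-oriented scan: propagate taint through `$x = <expr>;` assignments,
    run the keyword check, then flag lines whose SQL string mixes in a tainted
    variable. Returns one finding dict per flagged line."""
    tainted = set(TAINT_SOURCES)
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        toks = tokenize(line)
        if len(toks) >= 3 and toks[0][0] == "var" and toks[1] == ("op", "="):
            rhs = {base_name(t) for k, t in toks[2:] if k == "var"}
            for k, t in toks[2:]:
                if k == "string" and t.startswith('"'):
                    rhs.update(INTERP_RE.findall(t))
            if rhs & tainted:
                tainted.add(base_name(toks[0][1]))
        # Keyword table first (as in the thesis), then the taint comparison.
        if not any(k == "string" and starts_sql(t) for k, t in toks):
            continue
        risky = vars_mixed_into_sql(toks) & tainted
        if risky:
            findings.append({
                "line": lineno,
                "kind": "sql_injection",
                "variables": sorted(risky),
                "code": line.strip(),
                "fix": PREVENTION["sql_injection"],
            })
    return findings


# Constructed sample of pasted PHP (not from the thesis): two unsafe queries,
# one prepared statement and one constant query.
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$name = $_POST['name'];
$sql = "SELECT userid FROM employee WHERE id = '$id'";
$res = mysqli_query($conn, $sql);
$sql2 = 'SELECT * FROM employee WHERE name = ' . $name;
$stmt = $pdo->prepare('SELECT userid FROM employee WHERE id = ?');
$stmt->execute([$id]);
$total = 'SELECT COUNT(*) FROM employee';
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_PHP):
        print(f"line {f['line']}: {f['kind']} via {', '.join(f['variables'])}")
        print("   ", f["code"])
        print("    fix:", f["fix"])
```

On the sample it reports lines 4 and 6 (interpolation and concatenation of tainted input) and stays silent on the prepared statement and the constant query, which is the distinction the tooltip and report in the thesis are meant to draw. The taint step is intentionally one-line and intra-procedural; a real analyzer would follow data across function calls and files.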
