
OALib Journal
ISSN: 2333-9721

Source Code Analysis to Remove Security Vulnerabilities in Java Socket Programs: A Case Study

Keywords: Software vulnerabilities, Source code analysis, Resource injection, Path manipulation, System information leak, Denial of service, Unreleased resource, Network security


Abstract:

This paper presents the source code analysis of a file reader server socket program (connection-oriented sockets) developed in Java, to illustrate the identification, impact analysis and solutions to remove five important software security vulnerabilities, which if left unattended could severely impact the server running the software and also the network hosting the server. The five vulnerabilities we study in this paper are: (1) Resource Injection, (2) Path Manipulation, (3) System Information Leak, (4) Denial of Service and (5) Unreleased Resource vulnerabilities. We analyze the reason why each of these vulnerabilities occurs in the file reader server socket program, discuss the impact of leaving them unattended in the program, and propose solutions to remove each of these vulnerabilities from the program. We also analyze any potential performance tradeoffs (such as increase in code size and loss of features) that could arise while incorporating the proposed solutions on the server program. The proposed solutions are very generic in nature, and can be suitably modified to correct any such vulnerabilities in software developed in any other programming language. We use the Fortify Source Code Analyzer to conduct the source code analysis of the file reader server program, implemented on a Windows XP virtual machine with the standard J2SE v.7 development kit.
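As an added illustration (not the paper's own program, whose code is not reproduced on this page), a minimal Java connection handler for a file reader server that addresses each of the five vulnerability classes named in the abstract; the base directory /srv/files, the 5-second socket timeout and the 255-character name limit are assumed values.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;

public class FileReaderServer {
    // Assumed base directory: every served file must resolve beneath it.
    static final Path BASE = Paths.get("/srv/files").toAbsolutePath().normalize();
    static final int MAX_NAME_CHARS = 255;   // assumed bound on the client-supplied name
    // Path manipulation / resource injection: resolve the name against BASE,
    // normalize away ".." segments, then require the result to stay under BASE.
    static Path safeResolve(String name) throws IOException {
        if (name.isEmpty() || name.indexOf('\0') >= 0) throw new IOException("bad name");
        Path p = BASE.resolve(name).normalize();
        if (!p.startsWith(BASE)) throw new IOException("escapes base: " + name);
        // A symlink inside BASE could still point outside it; re-check the real path.
        if (!p.toRealPath().startsWith(BASE.toRealPath())) throw new IOException("symlink escape");
        return p;
    }
    // Denial of service: read at most MAX_NAME_CHARS instead of an unbounded readLine().
    static String readName(Reader in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c; (c = in.read()) != -1 && c != '\n'; ) {
            if (sb.length() >= MAX_NAME_CHARS) throw new IOException("name too long");
            sb.append((char) c);
        }
        return sb.toString().trim();
    }
    static void serve(Socket client) {
        // Unreleased resource: try-with-resources closes socket and streams on every exit path.
        try (Socket s = client;
             Reader in = new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8);
             PrintWriter out = new PrintWriter(
                     new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true)) {
            s.setSoTimeout(5000);                      // DoS: an idle client cannot pin the thread
            try (BufferedReader f = Files.newBufferedReader(safeResolve(readName(in)))) {
                for (String line; (line = f.readLine()) != null; ) out.println(line);
            } catch (IOException e) {
                // System information leak: details go to the server log, never to the client.
                System.err.println("request refused: " + e);
                out.println("ERROR: request refused");
            }
        } catch (IOException e) {
            System.err.println("connection error: " + e);
        }
    }
}
```

The accept loop that hands each connection to serve() is omitted; running it over a fixed-size thread pool keeps the concurrency bound that the timeout and name limit start.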
