TAJ

TAJ: effective taint analysis of web applications. Taint analysis, a form of information-flow analysis, establishes whether values from untrusted methods and parameters may flow into security-sensitive operations. Taint analysis can detect many common vulnerabilities in Web applications, and so has attracted much attention from both the research community and industry. However, most static taint-analysis tools do not address critical requirements for an industrial-strength tool. Specifically, an industrial-strength tool must scale to large industrial Web applications, model essential Web-application code artifacts, and generate consumable reports for a wide range of attack vectors. We have designed and implemented a static Taint Analysis for Java (TAJ) that meets the requirements of industry-level applications. TAJ can analyze applications of virtually any size, as it employs a set of techniques designed to produce useful answers given limited time and space. TAJ addresses a wide variety of attack vectors, with techniques to handle reflective calls, flow through containers, nested taint, and issues in generating useful reports. This paper provides a description of the algorithms comprising TAJ, evaluates TAJ against production-level benchmarks, and compares it with alternative solutions.

Keywords for this software

Anything in here will be replaced on browsers that support the canvas element

References in zbMATH (referenced in 7 articles )

Showing results 1 to 7 of 7.
Sorted by year (citations)

  1. Ferrara, Pietro; Olivieri, Luca; Spoto, Fausto: \textsfBackFlow: backward context-sensitive flow reconstruction of taint analysis results (2020)
  2. Wüstholz, Valentin; Olivo, Oswaldo; Heule, Marijn J. H.; Dillig, Isil: Static detection of DoS vulnerabilities in programs that use regular expressions (2017)
  3. Prokhorenko, Victor; Choo, Kim-Kwang Raymond; Ashman, Helen: Context-oriented web application protection model (2016)
  4. Rimsa, Andrei; D’Amorim, Marcelo; Pereira, Fernando Magno Quintão; Bigonha, Roberto S.: Efficient static checker for tainted variable attacks (2014)
  5. Beringer, Lennart; Grabowski, Robert; Hofmann, Martin: Verifying pointer and string analyses with region type systems (2013)
  6. Zhu, Haiyan; Dillig, Thomas; Dillig, Isil: Automated inference of library specifications for source-sink property verification (2013)
  7. Zhang, Ruoyu; Huang, Shiqiu; Qi, Zhengwei; Guan, Haibing: Static program analysis assisted dynamic taint tracking for software vulnerability discovery (2012) ioport