
CWE Pattern Recognition Algorithm in Any-Language Source Code

EasyChair Preprint 2147

2 pages. Date: December 12, 2019

Abstract

Source code has become one of the backbones of business and personal processes, and it is growing at a significant rate. Because applications are among the most used attack surfaces against individuals and organizations in all sectors, the intrinsic vulnerability arising from their supporting source code must be reduced by design. Technology providers and open communities currently offer Static Analysis Security Testing (SAST) solutions that can detect vulnerabilities in code written in the most used programming languages and development frameworks.

The proposed solution consists of a Code Analysis Module that can identify vulnerability patterns in source code written in languages with less coverage, including code developed in languages that the solution has not previously learned. The ability to understand unknown programming languages and transform them into the Intermediate Representation, which is then analyzed for vulnerability patterns by a common machine learning algorithm, is the core idea of this research project.

Keyphrases: Application Security, Software Vulnerabilities, static analysis, vulnerability detection

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:2147,
  author    = {Sergiu Zaharia},
  title     = {CWE Pattern Recognition Algorithm in Any-Language Source Code},
  howpublished = {EasyChair Preprint 2147},
  year      = {EasyChair, 2019}}