University of Twente Student Theses
Generating Specifications to Verify the Correctness of Sanitizers
Huisman, D.A.J. (2021) Generating Specifications to Verify the Correctness of Sanitizers.
|
PDF
302kB |
| Abstract: | Web applications widely use string sanitizers to prevent injection vulnerabilities, such as SQL injection and cross-site scripting (XSS). However, it is difficult to write correct sanitizers without introducing injection vulnerabilities. It is therefore important to verify the correctness of sanitizers. Previous work has presented an approach for verifying correctness by comparing learned models of sanitizers to specifications of the desired behaviour. It can be time-consuming to write these specifications by hand. Therefore, this paper presents an approach for automatically generating sanitizer specifications from minimal user input. Firstly, a classification of different types of sanitizer specifications was made. Secondly, automatic generation techniques have been conceived and implemented. Lastly, a domain-specific language is introduced which enables users to easily interact with the generation techniques. The domain-specific language also allows users to combine, export and test the generated sanitizer specifications. |
| Item Type: | Essay (Bachelor) |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 54 computer science |
| Programme: | Computer Science BSc (56964) |
| Link to this item: | http://purl.utwente.nl/essays/85662 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page