Developer Companion: A Framework to Produce Secure Web Applications

Software engineering and development is a very complex endeavor that contends with limited resources, which can cause software to behave in unexpected ways. Software developers often lack secure coding skills, and this is a major reason behind the development of insecure web applications. In this work, we propose a developer companion: an integrated framework that can be plugged into any IDE to educate developers and help them produce more secure code. This framework can be adopted as is and can be made more intelligent by focusing on the historical security flaws of the development team. expert developers' practices to overcome the security vulnerabilities.

Keywords: web applications, source code, security, static analysis
