Are Open Source Web Applications Secure - Static Analysis Findings
Published: 2018
Author(s) Name: Mamdouh Alenezi, Mohammad Zarour and Khawlah Alomar
Author(s) Affiliation: Prince Sultan University, Riyadh, Saudi Arabia.
Abstract
Open source web applications are increasingly taking over major businesses. The main reasons claimed for adopting these applications are security, popularity, and availability. In this work, static analysis of the source code of multiple open-source web applications is performed in order to investigate the security vulnerabilities of these applications. The applications and static analysis tools are selected from the open source community based on defined criteria: the number of downloads per week and user reviews. The results achieved are validated through both manual and automated inspections. It was found that most of the open source applications suffer from security issues and common vulnerabilities such as Cross-Site Scripting (XSS), access-modifier misuse and HTTP response splitting. After a detailed analysis of the results across the different open source applications, the root causes identified were lack of programming experience, usage of customized programming constructs instead of built-in constructs, and lack of coding standards.
Keywords: Open source, Security, Vulnerabilities, Web applications.