Finding Java Security Vulnerabilities Using Static Analysis: Whence the Problem?

Name
Harald Astok
Abstract
This Bachelor's thesis closely examines CVE-2017-5638, a vulnerability in the Apache Struts 2 framework, and conducts static code analysis to determine whether the vulnerability could have been detected earlier.
The vulnerable Apache Struts 2 source code is examined and analysed with two free static code analysers, FindBugs and PMD. In addition, the thesis investigates what influence the vulnerability had on the average user by examining the biggest known victim, the consumer credit reporting agency Equifax.
Graduation Thesis language
Estonian
Graduation Thesis type
Bachelor - Computer Science
Supervisor(s)
Vesal Vojdani
Defence year
2018
 