Benchmark suite for "An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving"

Citation Author(s):
Julian Thomé, Lwin Khin Shar, Domenico Bianculli, Lionel Briand
Submitted by:
Julian Thome
Last updated:
Thu, 11/08/2018 - 10:34
0 ratings - Please login to submit your rating.


This dataset is composed of the following benchmarks:

  • JOACO-Suite is our homegrown benchmark composed of 11 open-source Java Web applications/services and security benchmark applications, with known XSS, XMLi, XPathi, LDAPi, and SQLi vulnerabilities.
  • Pisa-Suite contains 12 constraints extracted from real-world Java sanitizer methods. These constraints have been used in the evaluation of the PISA system.
  • AppScan-Suite contains 8 constraints derived from the security warnings emitted by IBM Security AppScan, a commercial vulnerability scanner tool, when executing on a set of popular websites. The generated warnings contain traces of program statements that reflect potentially vulnerable information flows.
  • Kausler-Suite contains 120 constraints obtained from eight Java programs via dynamic symbolic execution. This benchmark has been used for evaluating four string constraint solvers in the context of symbolic execution.
  • Cashew-Suite contains 394 distinct constraints obtained through the normalization of the constraints of the SMC/Kaluza benchmark by means of the Cashew tool.
  • Stranger-Suite contains 9 constraints extracted from real-word PHP applications used in the evaluation of the Stranger tool.

Every benchmark suite is provided as a tar.gz archive. For every benchmark suite, the ground truth can be found in the file groundtruth.txt. You may also find different directories sol, smt or z3str2 that contain the attack conditions in Joaco's input format, the SMT-LIB input format and/or the input format of Z3str2, respectively. Please note that not all attack conditions could be translated to the SMT-LIB or the Z3str2 format because they contained operations not supported by SMT solvers.