Benchmark suite for "An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving"

Abstract: 

This dataset is composed of the following benchmarks:

  • JOACO-Suite is our homegrown benchmark composed of 11 open-source Java Web applications/services and security benchmark applications, with known XSS, XMLi, XPathi, LDAPi, and SQLi vulnerabilities.
  • Pisa-Suite contains 12 constraints extracted from real-world Java sanitizer methods. These constraints have been used in the evaluation of the PISA system.
  • AppScan-Suite contains 8 constraints derived from the security warnings emitted by IBM Security AppScan, a commercial vulnerability scanner tool, when executing on a set of popular websites. The generated warnings contain traces of program statements that reflect potentially vulnerable information flows.
  • Kausler-Suite contains 120 constraints obtained from eight Java programs via dynamic symbolic execution. This benchmark has been used for evaluating four string constraint solvers in the context of symbolic execution.
  • Cashew-Suite contains 394 distinct constraints obtained through the normalization of the constraints of the SMC/Kaluza benchmark by means of the Cashew tool.
  • Stranger-Suite contains 9 constraints extracted from real-world PHP applications used in the evaluation of the Stranger tool.
Instructions: 

Every benchmark suite is provided as a tar.gz archive. For every benchmark suite, the ground truth can be found in the file groundtruth.txt. An archive may also contain the directories sol, smt or z3str2, which hold the attack conditions in Joaco's input format, the SMT-LIB input format and/or the input format of Z3str2, respectively. Please note that not all attack conditions could be translated to the SMT-LIB or the Z3str2 format because they contained operations not supported by SMT solvers.


Dataset Details

Citation Author(s):
Julian Thomé, Lwin Khin Shar, Domenico Bianculli, Lionel Briand
Submitted by:
Julian Thome
Last updated:
Fri, 06/08/2018 - 04:12
DOI:
10.21227/H2ZQ1N
[1] Julian Thomé, Lwin Khin Shar, Domenico Bianculli, Lionel Briand, "Benchmark suite for "An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving"", IEEE Dataport, 2018. [Online]. Available: http://dx.doi.org/10.21227/H2ZQ1N. Accessed: Jun. 17, 2018.