Benchmark suite for "An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving"

Citation Author(s):
Julian Thomé, Lwin Khin Shar, Domenico Bianculli, Lionel Briand
Submitted by:
Julian Thome
Last updated:
Tue, 05/17/2022 - 22:17
DOI:
10.21227/H2ZQ1N

Abstract 

This dataset is composed of the following benchmarks:

  • JOACO-Suite is our homegrown benchmark composed of 11 open-source Java Web applications/services and security benchmark applications, with known XSS, XMLi, XPathi, LDAPi, and SQLi vulnerabilities.
  • Pisa-Suite contains 12 constraints extracted from real-world Java sanitizer methods. These constraints have been used in the evaluation of the PISA system.
  • AppScan-Suite contains 8 constraints derived from the security warnings emitted by IBM Security AppScan, a commercial vulnerability scanner tool, when executing on a set of popular websites. The generated warnings contain traces of program statements that reflect potentially vulnerable information flows.
  • Kausler-Suite contains 120 constraints obtained from eight Java programs via dynamic symbolic execution. This benchmark has been used for evaluating four string constraint solvers in the context of symbolic execution.
  • Cashew-Suite contains 394 distinct constraints obtained through the normalization of the constraints of the SMC/Kaluza benchmark by means of the Cashew tool.
  • Stranger-Suite contains 9 constraints extracted from real-world PHP applications used in the evaluation of the Stranger tool.

Comments

.

Submitted by shubham singh on Mon, 09/02/2024 - 10:13