Library Code Security Analysis

Abstract

Eighty percent of the code in modern web applications comes from third-party libraries and frameworks, and 26% of the most commonly used libraries contain vulnerabilities. According to data gathered from an analysis of 29.8 million libraries, the majority of library flaws have yet to be discovered, and most organizations do not have a process in place for validating or analyzing the open-source and third-party libraries they use every day. This effort focused on creating a tool that leverages an Interactive Application Security Testing (IAST) tool, Contrast, to identify previously unknown vulnerabilities in Java libraries. This technology gives previously unavailable insight into the security posture of open-source libraries that many organizations falsely assume to be secure.


Document Details

Document Type: Technical Report
Publication Date: Nov 01, 2013
Accession Number: ADA589844

Entities

People

  • Arshan Dabirsiaghi
  • Bojan Simic
  • Jeff Williams

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Computer Programming
  • Computer Programs
  • Contrast
  • Cryptography
  • Databases
  • Domain Specific Programming Languages
  • Grammars
  • Java Programming Language
  • Linguistics
  • Object-Oriented Database Management Systems
  • Programming Languages
  • Security
  • Spreadsheet Software
  • Web Applications
  • Xml

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Educational Psychology
  • Strategic Security Studies