Security Checker to Detecting Vulnerabilities in Common Weaknesses Enumeration (CWE) Through JAVA Code

Authors

  • Ms. Deepa, Department of ISE, East Point College of Engineering and Technology, Bangalore, Karnataka, India
  • Dr. Chandramouli H, Department of ISE, East Point College of Engineering and Technology, Bangalore, Karnataka, India
  • Dr. Anitha N, Department of ISE, East Point College of Engineering and Technology, Bangalore, Karnataka, India

Keywords:

Common Weakness Enumeration (CWE), SECCHECK, Vulnerability, Degree of InSecurity Metric (ISM)

Abstract

The Common Weakness Enumeration (CWE) catalogues weaknesses that commonly occur in software. Programmers introduce them while writing code, sometimes unknowingly and sometimes as well-known mistakes, and each one gives an attacker a path into the code to modify it and cause serious harm to users. This paper deals with detecting those weaknesses that can harm a software application by using a tool called SECCHECK. The tool has been developed to detect a few new software weaknesses. It takes Java source files as input and stores each line of input in memory, then scans each line for the factors that cause vulnerabilities. If it identifies a vulnerability, it displays a message alerting the developer to correct it, and it also calculates the Degree of Insecurity so that the level of insecurity in the application can be understood after testing.
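As an added illustration of the line-by-line scanning the abstract describes (example code written for this page, not SECCHECK itself), the Python below stores a Java file's lines in memory, tests each line against two assumed checks based on CWE-583 (public finalize()) and CWE-193 (off-by-one loop bound), prints an alert per hit, and reports a Degree of Insecurity under an assumed definition (flagged lines as a percentage of non-blank lines):

```python
import re

# Per-line checks as (CWE id, description, pattern). These two rules and the
# metric below are this example's own assumptions, not SECCHECK's real rules.
CHECKS = [
    ("CWE-583", "finalize() method declared public",
     re.compile(r"\bpublic\b[^;{]*\bvoid\s+finalize\s*\(")),
    ("CWE-193", "off-by-one: loop bound compares <= to .length",
     re.compile(r"\bfor\s*\(.*<=\s*[\w.]+\.length\b")),
]

def scan_java(source: str) -> list:
    """Keep every line in memory, then test each line against every check.
    Returns (line number, CWE id, message, stripped source line) tuples."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("//"):
            continue  # a pure comment line cannot carry the weakness
        for cwe, msg, rx in CHECKS:
            if rx.search(line):
                findings.append((no, cwe, msg, line.strip()))
    return findings

def degree_of_insecurity(source: str, findings) -> float:
    """Assumed definition: flagged lines as a percentage of non-blank lines."""
    code_lines = [l for l in source.splitlines() if l.strip()]
    if not code_lines:
        return 0.0
    flagged = {f[0] for f in findings}
    return round(100.0 * len(flagged) / len(code_lines), 2)

# Constructed sample input (not from the paper): one public finalize() and
# one loop that reads one element past the end of the array.
SAMPLE = """\
public class Account {
    private int[] balances = new int[10];
    public void finalize() { }
    int total() {
        int sum = 0;
        for (int i = 0; i <= balances.length; i++) { sum += balances[i]; }
        return sum;
    }
}
"""

if __name__ == "__main__":
    found = scan_java(SAMPLE)
    for no, cwe, msg, src in found:
        print(f"line {no}: {cwe} {msg}: {src}")
    print("Degree of Insecurity:", degree_of_insecurity(SAMPLE, found), "%")
```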


Published

2021-07-30

Section

Research Articles

How to Cite

[1]
Ms.Deepa, Dr. Chandramouli H, Dr. Anitha N "Security Checker to Detecting Vulnerabilities in Common Weaknesses Enumeration (CWE) Through JAVA Code" International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 9, Issue 4, pp.207-214, July-August-2021.