Blending Static and Dynamic Analysis for Web Application Vulnerability Detection: Methodology and Case Study

Blending Static and Dynamic Analysis for Web Application Vulnerability Detection: Methodology and Case Study

Static Analysis (SA) and Dynamic Analysis (DA) are complementary techniques for searching web application vulnerabilities. Typically, SA detects more vulnerabilities but reports a higher number of false positives, whereas DA finds less but with better precision. In this paper, we blend SA and DA to...

Full description

Saved in:

Bibliographic Details
Main Authors:	Paulo Nunes, Jose Fonseca, Marco Vieira
Format:	Article
Language:	English
Published:	IEEE 2025-01-01
Series:	IEEE Access
Subjects:	Static analysis dynamic analysis vulnerability detection execution traces SQLi blend analysis
Online Access:	https://ieeexplore.ieee.org/document/10813334/
Tags:	Add Tag No Tags, Be the first to tag this record!

Similar Items

Dynamics and Statics Analysis of Manipulator of Coalmine Detection Robot
by: Li Yang, et al.
Published: (2017-01-01)

Survey on static software vulnerability detection for source code
by: Zhen LI, et al.
Published: (2019-02-01)

Automatic detection method of software upgrade vulnerability based on network traffic analysis
by: Jinhui TENG, et al.
Published: (2020-02-01)

Software patch comparison technology through semantic analysis on function
by: Yan CAO, et al.
Published: (2019-10-01)

Malware detection technology analysis and applied research of android platform
by: Wei-ping WEN, et al.
Published: (2014-08-01)

Game-based detection method of broken access control vulnerabilities in Web application
by: HE Haitao, et al.
Published: (2024-06-01)

Automated vulnerability discovery method for 5G core network protocol
by: Peixiang WU, et al.
Published: (2024-02-01)

Research on host malcode detection using machine learning
by: Dong ZHANG, et al.
Published: (2017-07-01)

PyFuzzer：automatic in-memory fuzz testing method
by: Wei-ming LI, et al.
Published: (2013-09-01)

Analysis of Static and Dynamic Characteristic of a Transfer Gearbox based on Finite Element
by: Xue Song, et al.
Published: (2018-01-01)

Toward discovering and exploiting private server-side Web API
by: Jia CHEN, et al.
Published: (2016-12-01)

Research on OLE object vulnerability analysis for RTF file
by: De-guang LE, et al.
Published: (2016-01-01)

Statics Analysis of a New Type of Probe with Parallel Compliant Constraint
by: Li Baokun, et al.
Published: (2018-01-01)

A detection method of Android system vulnerabilities based on matching
by: iayuan ZHANGJ
Published: (2016-05-01)

Combined Elastic and Limit Analysis for Seismic Vulnerability Assessment of Pitched Portal Frames
by: Marco Postiglione, et al.
Published: (2024-12-01)

Design and implementation of OSPF vulnerability analysis and detection system
by: Zun-ying QIN, et al.
Published: (2013-09-01)

Research on context-aware Android application vulnerability detection
by: Jiawei QIN, et al.
Published: (2021-11-01)

Blended Learning in the Spotlight of Educational Management - A Scientometric Analysis
by: Jelena Jardas Antonić, et al.
Published: (2024-01-01)

Structure Design and Static Analysis of the Underactuated Three-knuckle Manipulator with a Reverse Rope-pulley Mechanism
by: Piao Jinsheng, et al.
Published: (2023-12-01)

Measuring social vulnerability in communities and its association with leprosy burden through spatial intelligence in central West Brazil to guide strategic actions
by: José Francisco Martoreli Júnior, et al.
Published: (2024-12-01)

Universal patching method for side-channel vulnerabilities based on atomic obfuscation
by: Deqing ZOU, et al.
Published: (2022-04-01)

STATIC ANALYSIS AND STRUCTUREOPTIMIZATION OF THE 18 m~3 CONCRETEMIXING TRUCKSUBFRAME
by: SHI WeiChao, et al.
Published: (2018-01-01)

Blending-Based Ensemble Learning Low-Voltage Station Area Theft Detection
by: Dunchu Chen, et al.
Published: (2024-12-01)

Android malware detection method based on deep neural network
by: Fan CHAO, et al.
Published: (2020-10-01)

Static Analysis and Improved Design of the Overrunning Clutch of Smart Gas Meter Valve
by: Lü Lin, et al.
Published: (2016-01-01)

Multi-feature fusion malware detection method based on attention and gating mechanisms
by: Zhongyuan CHEN, et al.
Published: (2024-02-01)

Study on the Static Stiffness of the Flexible Composite Connecting Rod
by: Zong Hao, et al.
Published: (2016-01-01)

Research on RTF array overflow vulnerability detection
by: De-guang LE, et al.
Published: (2017-05-01)

Malware classification method based on static multiple-feature fusion
by: Bo-wen SUN, et al.
Published: (2017-11-01)

AUTOMOBILE TRANSMISSION SHAFT ASSEMBLY STATIC AND DYNAMIC CHARACTERISTICS ANALYSIS
by: PAN Yu
Published: (2017-01-01)

Hardcoded vulnerability detection approach for IoT device firmware
by: Chao MU, et al.
Published: (2022-10-01)

Exploit detection based on illegal control flow transfers identification
by: Ming-hua WANG, et al.
Published: (2014-09-01)

Vulnerability Testing and Analysis on Websites and Web-Based Applications in the XYZ Faculty Environment Using Acunetix Vulnerability
by: Mifthahul Rahmi, et al.
Published: (2024-12-01)

Research of the Influence of Supporting Method on the Statics Characteristic of Large Wind Turbine Gearbox
by: Ji Kefeng, et al.
Published: (2018-01-01)

DEVELOPMENT IN RESEARCH ON THE MECHANICAL PROPERTY OF ADHESIVE JOINTS
by: WANG YuQi, et al.
Published: (2016-01-01)

Quantum Vulnerability Analysis to Guide Robust Quantum Computing System Design
by: Fang Qi, et al.
Published: (2024-01-01)

LinRegDroid: Detection of Android Malware Using Multiple Linear Regression Models-Based Classifiers
by: Durmus Ozkan Sahin, et al.
Published: (2022-01-01)

STATIC ANALYSIS AND FREE VIBRATION ANALYSIS OF THE PYRAMIDAL LATTICE SANDWICH STRUCTURE BASED ON LAYERWISE/SOLID-ELEMENTS METHOD
by: QIAN RuoLi, et al.
Published: (2019-01-01)

Heat-related mortality in Mexico: A multi-scale spatial analysis of extreme heat effects and municipality-level vulnerability
by: Lara Schwarz, et al.
Published: (2025-01-01)

Groundwater Pollution Vulnerability in Kabul, Afghanistan, Assessed Using a Geographical Information System (GIS)-Based DRASTIC Model
by: Hasibullah Jahish, et al.
Published: (2025-01-01)