
Are Open Source Web Applications Secure? Static Analysis Findings


Affiliations
1 Prince Sultan University, Riyadh, Saudi Arabia
     



Open source web applications are taking over major businesses. The main motivations claimed for these applications are security, popularity, and availability. In this work, static analysis of the source code of multiple open-source web applications is performed to investigate the security vulnerabilities of these applications. The applications and static analysis tools are selected from the open source community based on defined criteria of number of downloads per week and user reviews. The results are validated through both manual and automated inspections. It was found that most of the open source applications suffer from security issues and common vulnerabilities such as Cross-Site Scripting (XSS), access-modifiers and HTTP response splitting. After a detailed analysis of the results of the different open source applications, the root causes identified were lack of programming experience, use of customized programming constructs instead of built-in constructs, and lack of coding standards.

Keywords

Open Source, Security, Vulnerabilities, Web Applications.

Authors

Mamdouh Alenezi
Prince Sultan University, Riyadh, Saudi Arabia
Mohammad Zarour
Prince Sultan University, Riyadh, Saudi Arabia
Khawlah Alomar
Prince Sultan University, Riyadh, Saudi Arabia
