Abstract:
Precise and efficient detection of security vulnerabilities in Web applications holds significant research value. Java Web applications, due to their complexity, diversity, and dynamic nature, present key challenges for vulnerability detection. First, the combination of multiple components and frameworks in Java Web applications increases the complexity of potential vulnerabilities. Second, the dynamic features of Java Web, such as polymorphism, reflection, and dynamic object loading, make it difficult for static analysis tools to capture vulnerabilities. Lastly, methods that rely solely on dynamic or static detection struggle to meet the demands for efficient batch processing given the rapid growth of codebases. To address these issues, this paper proposes a unified frontend and backend analysis method for web vulnerability mining. It leverages frontend parsing to extract taint source information that guides pruning in the backend analysis, thereby enhancing vulnerability coverage and detection performance. Simultaneously, during vulnerability mining, the method utilizes both static and dynamic program information for code modeling. It integrates data flow analysis, taint analysis, symbolic execution, and lightweight dynamic solving techniques to complete vulnerability mining and validation, leading to significant improvements in effectiveness with minimal overhead. The proposed method is experimentally evaluated on 105 Java web vulnerabilities, including CVE vulnerabilities, open-source CMS, and community applications, demonstrating the effectiveness of each module and the overall capability in discovering vulnerabilities effectively.
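The core idea of frontend-guided pruning (frontend parsing reveals which request parameters are actually submitted, and the backend taint analysis concentrates on those sources) can be illustrated with a small toy taint tracker. The following Python is an added example, not code from the paper; the three-address IR, the `Stmt`/`Finding` types, the constructed servlet-like program, and the simplified pruning rule (a `getParameter` source counts only if the frontend exposes that name) are all assumptions made here for illustration, not the paper's actual pruning criteria.

```python
"""Toy forward taint analysis with frontend-guided source pruning (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Stmt:
    """One statement of a toy straight-line backend IR (constructed for this example)."""
    kind: str                    # "source" | "assign" | "sanitize" | "sink"
    target: str = ""             # variable written by source/assign/sanitize
    args: Tuple[str, ...] = ()   # variables read
    param: str = ""              # request parameter name (kind == "source")
    sink: str = ""               # sink label (kind == "sink")


@dataclass(frozen=True)
class Finding:
    sink: str     # sink reached by tainted data
    var: str      # tainted variable flowing into the sink
    origin: str   # request parameter the taint originated from


def analyze(program: List[Stmt],
            frontend_params: Optional[Set[str]] = None) -> Tuple[List[Finding], int]:
    """Propagate taint forward through the IR and report tainted sink arguments.

    Returns (findings, sources_tracked). When frontend_params is given, a
    request-parameter source is tracked only if frontend parsing saw that
    parameter name, which is the (simplified) pruning step of this example.
    """
    taint: Dict[str, str] = {}   # variable -> originating request parameter
    tracked = 0
    findings: List[Finding] = []
    for s in program:
        if s.kind == "source":
            if frontend_params is not None and s.param not in frontend_params:
                taint.pop(s.target, None)   # pruned: not exposed by the frontend
                continue
            taint[s.target] = s.param
            tracked += 1
        elif s.kind == "assign":
            origins = [taint[a] for a in s.args if a in taint]
            if origins:
                taint[s.target] = origins[0]   # taint flows through the assignment
            else:
                taint.pop(s.target, None)      # overwritten with clean data
        elif s.kind == "sanitize":
            taint.pop(s.target, None)          # sanitizer output is clean
        elif s.kind == "sink":
            for a in s.args:
                if a in taint:
                    findings.append(Finding(s.sink, a, taint[a]))
    return findings, tracked


# Constructed backend snippet, roughly what a servlet like this would parse to:
#   String user = request.getParameter("user");
#   String dbg  = request.getParameter("debug");   // no matching frontend field
#   String q    = "SELECT ... WHERE name='" + user + "'";
#   String safe = escape(user);
#   stmt.execute(q);            // SQL sink
#   out.println(safe);          // HTML output sink, sanitized
#   Runtime.exec(dbg);          // command sink, not reachable from the UI
PROGRAM = [
    Stmt("source", target="user", param="user"),
    Stmt("source", target="dbg", param="debug"),
    Stmt("assign", target="q", args=("user",)),
    Stmt("sanitize", target="safe", args=("user",)),
    Stmt("sink", args=("q",), sink="Statement.execute"),
    Stmt("sink", args=("safe",), sink="PrintWriter.println"),
    Stmt("sink", args=("dbg",), sink="Runtime.exec"),
]

# Constructed: parameter names the frontend parser found in forms/requests.
FRONTEND_PARAMS: Set[str] = {"user"}


if __name__ == "__main__":
    for label, params in (("unpruned", None), ("frontend-pruned", FRONTEND_PARAMS)):
        found, n = analyze(PROGRAM, params)
        print(f"{label}: {n} source(s) tracked, {len(found)} finding(s)")
        for f in found:
            print(f"  {f.origin} -> {f.var} -> {f.sink}")
```

Running the block shows the trade-off the abstract alludes to: the pruned run tracks one source instead of two and still reports the SQL sink reachable from the `user` field, while the sanitized output path produces no finding in either mode. Dropping the `debug` path is a prioritisation decision, not a proof of safety; a full run without `frontend_params` remains available for lower-priority coverage.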