Just In
- 7 hrs ago OnePlus 13 Early Leak Hints at a Revamped Camera Island, and Fast Charging to Remain at 100W
- 9 hrs ago Realme NARZO 70x 5G With 45W Charging Confirmed to Launch on April 24 Under Rs 12,000
- 9 hrs ago Samsung Neo QLED, OLED TVs Launched in India with AI-Driven Features
- 10 hrs ago Google Wallet is Coming to India Soon: Listing Appears on the Play Store
Don't Miss
- Movies Ranam OTT Release Date And Platform: When And Where To Watch Vaibhav Reddy Starrer Movie Online
- Sports Who Won Yesterday's IPL Match 32: GT vs DC, IPL 2024 on April 17 - Delhi Capitals Annihilate Gujarat Titans
- Lifestyle Princess Diana's Iconic Dresses And Accessories Will Get Auctioned For Charity, Know The Details Here!
- Finance 1:2 Stock Split: Record Date On April 24; Buy The Scrip Now To Be Eligible?
- News Delhi Capital's Captain Rishabh Pant Gathers Praise For His Wicketkeeping Skills, Stunning Catch
- Education SCCL Recruitment 2024; Application process, Selection criteria and more
- Automobiles Mahindra 3XO SUV Latest Teaser Reveals Connected Car Tech: All Details Here
- Travel From Coconut Breaking on Head to Men Dressing as Women: 12 Unique Indian Rituals Explored
New system finds security flaws in popular web apps
US researchers have created a new system that can quickly comb through tens of thousands of lines of application code to find security flaws in popular web-based apps.
The system, developed at the Massachusetts Institute of Technology (MIT), uses a technique called static analysis, which seeks to describe, in a very general way, how data flows through a program.
SEE ALSO: 5 Must Read Facts about WhatsApp End-to-End Encryption
"The classic example of this is if you wanted to do an abstract analysis of a program that manipulates integers, you might divide the integers into the positive integers, the negative integers, and zero," said Daniel Jackson, an MIT professor and the co-author of the study.
The static analysis would then evaluate every operation in the program according to its effect on integers' signs. Adding two positives yields a positive; adding two negatives yields a negative; multiplying two negatives yields a positive; and so on.
"The problem with this is that it can't be completely accurate, because you lose information," Jackson said. "If you add a positive and a negative integer, you don't know whether the answer will be positive, negative, or zero. Most work on static analysis is focused on trying to make the analysis more scalable and accurate to overcome those sorts of problems," he added.
SEE ALSO: These are the Top 7 apps to help you find your way back home!
With web applications, however, the cost of accuracy is prohibitively high. "The program under analysis is just huge," he said.
"Even if you wrote a small program, it sits atop a vast edifice of libraries and plug-ins and frameworks. So when you look at something like a web application written in language like Ruby on Rails, if you try to do a conventional static analysis, you typically find yourself mired in this huge bog. And this makes it really infeasible in practice."
That vast edifice of libraries, however, also gave Jackson and his former student Joseph Near, a way to make static analysis of programs written in Ruby on Rails practical. They exploited some peculiarities of the popular web programming framework to develop their system called "Space".
The researchers will present their results at the International Conference on Software Engineering to be held in Austin, Texas, in May this year. In his PhD work, Near used this general machinery to build three different debuggers for Ruby on Rails applications, each requiring different degrees of programmer involvement.
Near identified seven different ways in which web applications typically control access to data. Some data are publicly available, some are available only to users who are currently logged in, some are private to individual users, some users -- administrators -- have access to select aspects of everyone's data, and so on.
For each of these data-access patterns, Near developed a simple logical model that describes what operations a user can perform on what data, under what circumstances. From the descriptions generated by the hacked libraries, Space can automatically determine whether the program adheres to those models.
SEE ALSO: These are the Top 7 apps to help you find your way back home!
If it does not, there's likely to be a security flaw. In tests on 50 popular web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no more than 64 seconds to analyse any given program.
Source IANS
-
99,999
-
1,29,999
-
69,999
-
41,999
-
64,999
-
99,999
-
29,999
-
63,999
-
39,999
-
1,56,900
-
79,900
-
1,39,900
-
1,29,900
-
65,900
-
1,56,900
-
1,30,990
-
76,990
-
16,499
-
30,700
-
12,999
-
11,999
-
3,999
-
2,500
-
3,599
-
8,893
-
13,999
-
32,999
-
9,990
-
25,377
-
23,490