Publication
Protecting Web applications with secure code by identifying and removing vulnerabilities using similarity techniques
| datacite.subject.fos | Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática | pt_PT |
| dc.contributor.advisor | Medeiros, Ibéria Vitória de Sousa | |
| dc.contributor.advisor | Cogo, Vinicius Vielmo | |
| dc.contributor.author | Prates, David António Cota | |
| dc.date.accessioned | 2025-07-16T13:25:21Z | |
| dc.date.available | 2025-07-16T13:25:21Z | |
| dc.date.issued | 2025 | |
| dc.date.submitted | 2025 | |
| dc.description | Tese de Mestrado, Segurança Informática, 2025, Universidade de Lisboa, Faculdade de Ciências | pt_PT |
| dc.description.abstract | Web applications are frequently targeted due to vulnerabilities in their source code, particularly weaknesses such as Cross-Site Scripting (XSS) and SQL injection (SQLi). When exploited, these vulnerabilities can compromise the confidentiality, integrity, and availability of data, potentially putting users at risk. Given the constant discovery of new security flaws, continuous monitoring is essential. However, remediation teams face significant challenges, as detecting and fixing vulnerabilities is a time-consuming process that can take months, leaving systems exposed to malicious exploitation. Although automated tools exist to detect vulnerabilities, they often provide limited guidance on remediation, offering only vague or insufficient recommendations. As a result, the teams spend additional time identifying appropriate fixes, further delaying the remediation process. To address this issue, this research proposes the development of a tool designed to minimize human intervention in the remediation of vulnerabilities. Specifically, the tool aims to automatically identify and correct security flaws in PHP code. Unlike existing solutions, this project will use Locality Sensitive Hashing (LSH) to detect vulnerabilities based on similarity patterns. This approach enables the identification of both known and structurally similar vulnerabilities, mitigating the risks associated with code modifications, a common tactic used by attackers to evade traditional signature-based detection. Furthermore, the tool is designed to maintain a low false positive rate and to be easily adaptable to the needs of remediation teams. Its modular design allows for future enhancements, ensuring scalability and continuous improvement in vulnerability detection and mitigation. The evaluation performed, which included the comparison to other existing tools, has returned good and promising results. | pt_PT |
| dc.identifier.uri | http://hdl.handle.net/10400.5/102176 | |
| dc.language.iso | eng | pt_PT |
| dc.subject | Correção automática de código | pt_PT |
| dc.subject | Técnicas de similaridade | pt_PT |
| dc.subject | Vulnerabilidades Web | pt_PT |
| dc.subject | Correção de código | pt_PT |
| dc.subject | Deteção de código | pt_PT |
| dc.subject | Teses de mestrado - 2025 | pt_PT |
| dc.title | Protecting Web applications with secure code by identifying and removing vulnerabilities using similarity techniques | pt_PT |
| dc.type | master thesis | |
| dspace.entity.type | Publication | |
| rcaap.rights | openAccess | pt_PT |
| rcaap.type | masterThesis | pt_PT |
| thesis.degree.name | Mestrado em Segurança Informática | pt_PT |