| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 1.51 MB | Adobe PDF |
Authors
Abstract(s)
Web applications are frequently targeted due to vulnerabilities in their source code, particularly
weaknesses such as Cross-Site Scripting (XSS) and SQL injection (SQLi). When exploited, these
vulnerabilities can compromise the confidentiality, integrity, and availability of data, potentially
putting users at risk. Given the constant discovery of new security flaws, continuous monitoring is
essential. However, remediation teams face significant challenges, as detecting and fixing vulnerabilities is a time-consuming process that can take months, leaving systems exposed to malicious
exploitation. Although automated tools exist to detect vulnerabilities, they often provide limited
guidance on remediation, offering only vague or insufficient recommendations. As a result, the
teams spend additional time identifying appropriate fixes, further delaying the remediation process.
To address this issue, this research proposes the development of a tool designed to minimize
human intervention in the remediation of vulnerabilities. Specifically, the tool aims to automatically identify and correct security flaws in PHP code. Unlike existing solutions, this project will
use Locality Sensitive Hashing (LSH) to detect vulnerabilities based on similarity patterns. This
approach enables the identification of both known and structurally similar vulnerabilities, mitigating the risks associated with code modifications, a common tactic used by attackers to evade
traditional signature-based detection.
Furthermore, the tool is designed to maintain a low false positive rate and to be easily adaptable
to the needs of remediation teams. Its modular design allows for future enhancements, ensuring
scalability and continuous improvement in vulnerability detection and mitigation. The evaluation
performed, which included the comparison to other existing tools, has returned good and promising results.
Description
Tese de Mestrado, Segurança Informática, 2025, Universidade de Lisboa, Faculdade de Ciências
Keywords
Correção automática de código Técnicas de similaridade Vulnerabilidades Web Correção de código Deteção de código Teses de mestrado - 2025