Early Vulnerability Detection for Supporting Secure Programming

Dear reader,

I was wondering if you could spend a few minutes of your time helping me. As part of my dissertation, entitled “Early Vulnerability Detection for Supporting Secure Programming”, I developed an Eclipse plug-in (still just a prototype) that performs security vulnerability detection while the developer is creating or editing the source code. You can install the plug-in as you usually do when working with Eclipse; if you have any doubts on “How to Install the plug-in”, there is a How-To in the attached PDF.

The plug-in’s link:
https://marketplace.eclipse.org/content/early-security-vulnerability-detector-esvd/

You can test the plug-in with some of your own projects. If you prefer, you can also download, import and test a sample project I created, which contains dozens of known security vulnerabilities. More about this project in the attached PDF.

The sample’s link:
http://www.inf.puc-rio.br/~lsampaio/plugin/early_vulnerability_detector/latest/WebDemo.zip

I would really appreciate your feedback on ANYTHING: the images used, the text that describes the vulnerabilities, the options provided by the plug-in, the English wording, false positives, false negatives and anything else that comes to your mind.

Supported vulnerabilities:

01 – Command Injection
02 – Cookie Poisoning
03 – Cross-Site Scripting (XSS)
04 – HTTP Response Splitting
05 – LDAP Injection
06 – Log Forging
07 – Path Traversal
08 – Reflection Injection
09 – Security Misconfiguration
10 – SQL Injection
11 – XPath Injection
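As an added illustration of the kind of source-to-sink pattern behind two entries in the list above, SQL Injection and Log Forging, here is a Java servlet-style helper showing the flawed form beside the hardened form. This is example code written for this page, not code from the plug-in or from the WebDemo project; the class, the method names and the `users` table are assumptions made for the example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;

// Hypothetical class for this example; the "users" table is assumed.
public class UserLookup {
    private static final Logger LOG = Logger.getLogger(UserLookup.class.getName());

    // Flawed: the request parameter is an untrusted source, and it reaches
    // Statement.executeQuery (a sink) by string concatenation with no
    // sanitization in between. This is the SQL Injection pattern a
    // source/sink-based detector is meant to flag while you type.
    public static ResultSet findUserUnsafe(Connection conn, HttpServletRequest req)
            throws SQLException {
        String name = req.getParameter("name");
        Statement st = conn.createStatement();
        return st.executeQuery("SELECT id, email FROM users WHERE name = '" + name + "'");
    }

    // Hardened: the value is bound as a parameter, so it is never parsed as
    // part of the SQL text. The source still exists, but the sink is safe.
    public static ResultSet findUserSafe(Connection conn, HttpServletRequest req)
            throws SQLException {
        String name = req.getParameter("name");
        PreparedStatement ps = conn.prepareStatement(
                "SELECT id, email FROM users WHERE name = ?");
        ps.setString(1, name);
        return ps.executeQuery();
    }

    // Flawed: the same untrusted source reaches a logging sink unchanged.
    // A value containing line breaks can make one request look like several
    // log records, which is the Log Forging entry in the list above.
    public static void auditUnsafe(HttpServletRequest req) {
        LOG.info("lookup for user: " + req.getParameter("name"));
    }

    // Hardened: line breaks are neutralised before the value reaches the log,
    // so each request produces exactly one log record.
    public static void auditSafe(HttpServletRequest req) {
        LOG.info("lookup for user: " + sanitizeForLog(req.getParameter("name")));
    }

    // Minimal log sanitizer: replaces CR and LF so a value cannot start a new line.
    static String sanitizeForLog(String s) {
        if (s == null) {
            return "null";
        }
        return s.replaceAll("[\\r\\n]", "_");
    }
}
```

When reviewing a report from a detector of this kind, the useful question is whether any transformation between the source (`getParameter`) and the sink (`executeQuery`, `Logger.info`) actually removes the dangerous characters for that sink; `sanitizeForLog` is adequate for the logging sink but would not make the concatenated SQL query safe, which is why the two fixes differ.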

Tutorials about the plug-in: How to Install the plug-in / User Interface / WebDemo Project

Thank you in advance,
Luciano Sampaio


10 Responses to “Early Vulnerability Detection for Supporting Secure Programming”

  1. Flavio Says:

    Hi Luciano,
    Downloading the plugin into Eclipse Kepler running on Mac OS works fine, even though when I try to download using an Eclipse Helios running on Windows 7 the error below happens:

    Unable to connect to repository http://www.inf.puc-rio.br/~lsampaio/plugin/early_vulnerability_detector/latest/content.xml
    Unable to connect to repository http://www.inf.puc-rio.br/~lsampaio/plugin/early_vulnerability_detector/latest/content.xml
    Connection refused: connect

    Is it possible to update the post with a link to your dissertation?

    Regards
    Flavio

  2. Luciano Sampaio Says:

    Hi Flavio,

    Actually, it only works on Kepler or newer. I use some libraries that are not available on Helios. Sorry!

    About the link to my dissertation, I am still writing it, as soon as I finish it I will make it available, ok! 🙂

    So, do you have any feedback about the plug-in? Did it find any vulnerabilities in your projects? Any suggestions?

    Thank you,
    Luciano Sampaio

  3. Which methods should be considered "Sources", "Sinks" or "Sanitization"? - The Code Master Says:

    […] Early Vulnerability Detection for Supporting Secure Programming […]

  4. Java Plug-in that checks vulnerability state (Featured Guest) | ODS3 Cyber Security Academy Says:

    […] http://thecodemaster.net/early-vulnerability-detection-supporting-secure-programming/ […]

  5. newbie Says:

    I installed the plugin in a current Eclipse to check my PHP code. Sadly, the Security Vulnerability window stays empty although the plugin is enabled and the code has severe flaws. Any idea why the plugin does not seem to do anything at all?

  6. Luciano Sampaio Says:

    Hi Newbie,

    The current version of the plugin only understands Java. Sorry about that.

    Best regards,
    Luciano Sampaio

  7. Kamal SABBAR Says:

    Hi Luciano,

    I integrated ESVD successfully in my eclipse, it seems interesting.

    Regards.

  8. Luciano Sampaio Says:

    Awesome!!! Let me know what you think! Just remember it is still a prototype, ok?! 😀

  9. Kamal SABBAR Says:

    Hi Luciano,

    Keep going bro, it is really an interesting project, don’t let it fall apart.

    Good luck,
    Regards.

  10. Sangeetha K Says:

    Hi Luciano,

    I’m using Eclipse Kepler. When I try to install the “Early Security Vulnerability plugin” from the Eclipse Marketplace, I get the error “No repository found at http://thecodemaster.net/plugin/early_vulnerability_detector/latest/”.

    Can you please help with this?

    Thanks & Regards,
    Sangeetha K
