CWE Pattern Recognition Algorithm in Any-Language Source Code

EasyChair Preprint 2147
2 pages • Date: December 12, 2019

Abstract

Source code became one of the backbones for business and personal processes, with a significant growth rate. As applications are one of the most used attack surfaces against individuals and organizations from all sectors, their intrinsic vulnerability arising from the supporting source code must be reduced by design. Currently there are technology providers and open communities which provide Static Analysis Security Testing (SAST) solutions, able to detect vulnerabilities in code written in the most used programming languages and development frameworks. The proposed solution consists of a Code Analysis Module that can identify vulnerability patterns in source code written in languages with less coverage, including code developed in languages which have not been previously learned by the solution. The ability to understand and transform unknown programming languages into the Intermediate Representation, which is then analyzed by a common machine learning algorithm for vulnerability patterns, is the core idea of this research project.

Keyphrases: Application Security, Software Vulnerabilities, static analysis, vulnerability detection