Efficient Code Clone Analysis to Detect Vulnerability in Dynamic Web Applications
Keywords: Vulnerability Detection, Code Clone, Dynamic Webpages, Duplication
Abstract
This paper proposes an approach to clone analysis and vulnerability detection for Web applications, together with a prototype implementation for web pages. The approach analyzes the page structure, given by the specific sequence of HTML tags, and the displayed content of both dynamic and static pages. Moreover, for a pair of web pages it also considers the similarity degree of their Java source. The similarity degree can be adapted and tuned in a simple way for different web applications. We report the results of applying the approach and tool in a case study. The results confirm that the lack of analysis and design of the Web application has an effect on the duplication of pages. In particular, these results allowed us to identify common features of the web pages that could be integrated by removing the duplications and code clones. Moreover, the clone analysis and vulnerability detection of the pages enabled us to acquire information to improve the general quality and the conceptual design of the web application's database. We plan to exploit the results of the code clone analysis method to support web application reengineering activities.
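The abstract describes page similarity as a combination of structural similarity (the sequence of HTML tags) and content similarity (the displayed text), with a tunable similarity degree. The following Python script is an added illustration of that idea and is not the paper's own tool: the paper does not state which similarity measures or weights it uses, so the choices here (difflib's sequence ratio over the tag sequence, Jaccard similarity over displayed-text tokens, and the weights and threshold in `page_similarity` and `is_clone`) are assumptions. The three sample pages are constructed for the example. From a defender's point of view, the value of flagging such clones is that a fix applied to one copy of a page (an output-encoding or input-validation change, for instance) can be propagated to every duplicate rather than silently missing some of them.

```python
"""Tag-sequence and content similarity for detecting cloned web pages.

Added example; the measures, weights and threshold are assumptions, not the
paper's published method.
"""
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser


class TagSequenceExtractor(HTMLParser):
    """Collects the ordered open/close tag events and the displayed text."""

    def __init__(self):
        super().__init__()
        self.tags = []          # e.g. ["html", "head", "title", "/title", ...]
        self.text_parts = []    # text nodes that a browser would display
        self._hidden = 0        # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag in ("script", "style"):
            self._hidden += 1

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:    # script/style bodies are not displayed content
            self.text_parts.append(data)


def parse_page(html):
    """Return (tag sequence, lower-cased word tokens of the displayed text)."""
    parser = TagSequenceExtractor()
    parser.feed(html)
    parser.close()
    tokens = re.findall(r"\w+", " ".join(parser.text_parts).lower())
    return parser.tags, tokens


def structure_similarity(tags_a, tags_b):
    """Similarity of two tag sequences: 2*matches / (len_a + len_b), 1.0 if identical."""
    if not tags_a and not tags_b:
        return 1.0
    return SequenceMatcher(None, tags_a, tags_b, autojunk=False).ratio()


def content_similarity(tokens_a, tokens_b):
    """Jaccard similarity of the displayed-text vocabularies (assumed measure)."""
    set_a, set_b = set(tokens_a), set(tokens_b)
    if not set_a and not set_b:
        return 1.0
    return len(set_a & set_b) / len(set_a | set_b)


def page_similarity(html_a, html_b, w_structure=0.6, w_content=0.4):
    """Weighted similarity degree; the weights are the tunable part of the method."""
    tags_a, tokens_a = parse_page(html_a)
    tags_b, tokens_b = parse_page(html_b)
    structure = structure_similarity(tags_a, tags_b)
    content = content_similarity(tokens_a, tokens_b)
    combined = w_structure * structure + w_content * content
    return {"structure": structure, "content": content, "combined": combined}


def is_clone(html_a, html_b, threshold=0.75, **weights):
    """True when the combined similarity degree reaches the (assumed) threshold."""
    return page_similarity(html_a, html_b, **weights)["combined"] >= threshold


# Constructed sample pages: A and B share one template with different data,
# C is an unrelated page with a different structure.
PAGE_A = """<html><head><title>Order details</title></head>
<body><div class="order"><h1>Order 1001</h1>
<p>Thank you for your purchase.</p>
<table><tr><td>Item</td><td>Widget</td></tr></table></div></body></html>"""

PAGE_B = """<html><head><title>Order details</title></head>
<body><div class="order"><h1>Order 1002</h1>
<p>Thank you for your purchase.</p>
<table><tr><td>Item</td><td>Gadget</td></tr></table></div></body></html>"""

PAGE_C = """<html><head><title>Login</title></head>
<body><form><label>Username</label><input><label>Password</label><input>
<button>Sign in</button></form></body></html>"""


if __name__ == "__main__":
    for name, other in (("B", PAGE_B), ("C", PAGE_C)):
        scores = page_similarity(PAGE_A, other)
        print(f"A vs {name}: structure={scores['structure']:.2f} "
              f"content={scores['content']:.2f} combined={scores['combined']:.2f} "
              f"clone={is_clone(PAGE_A, other)}")
```

Pages A and B have identical tag sequences (structure 1.0) and share most of their vocabulary, so they pass the threshold; page C shares only the outer `html`/`head`/`body` skeleton and no displayed words, so it does not. Raising `w_structure` makes the measure favour template-level clones whose displayed data differs, which is the typical shape of duplicated dynamic pages.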
This work is licensed under a Creative Commons Attribution 4.0 International License.