Automatic repair of OWASP Top 10 security vulnerabilities: A survey

Automatic repair of OWASP Top 10 security vulnerabilities: A survey

연구 분야: Infrastructure

학회: ICSEW'20: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops

Current work on automatic program repair has not focused on actually prevalent vulnerabilities in web applications, such as described in the OWASP Top 10 categories, leading to a scarcely explored field, which in turn leads to a gap between industry needs and research efforts. In order to assess the extent of this gap, we have surveyed and analyzed the literature on fully automatic source-code manipulating program repair of OWASP Top 10 vulnerabilities, as well as their corresponding test suites. We find that there is a significant gap in the coverage of the OWASP Top 10 vulnerabilities, and that the test suites used to test the analyzed approaches are highly inadequate. Few approaches cover multiple OWASP Top 10 vulnerabilities, and there is no combination of existing test suites that achieves a total coverage of OWASP Top 10.