Over the past few years the landscape of security vulnerabilities has dramatically changed. For all the issues in 1990’s the buffer overruns and string format violation was highly responsible but from the first decade of the new millennium the entire picture began to change. It gave rise to the web-based applications and also became familiar with buffer overruns. Web application vulnerabilities now outnumbered these greatly and cross-site scripting attacks, SQL injections are some of the examples. Since the attacks against financial sites and e-commerce sites these vulnerabilities are highly responsible. It also leads to a loss of million dollars.
The griffin project in this thesis provides a static solution that ranges wide array of web application vulnerabilities. Our target applications that are based on real life web Java. A code is generated on the basis of the description of the vulnerability. This will be followed by strict analysis of the code and thus producing warnings against the vulnerabilities.
The alternative to this method an instrument is specially designed which is a safe and secured version of the original bytecode. It can make use of the standard application along with the other applications. In order to make the vulnerability detection approach more user friendly and extensions the specifications are expressed in the form of a program query language known as PQL.
To all the issues related to web application security this thesis gives a perfect solution. Cross site scripting and SQL injection attacks are common for most of the issues related to to the security application. Client side santization, application are some of the common solutions but they are not adequate to solve these vulnerable issues. The griffin project provides a runtime and static analysis solution for the wide applications of web vulnerabilities. The project enables the user to specify the type of vulnerability they are searching for and these are expressed in PQL language.