Volume 8 Number 10 (Oct. 2013)
JSW 2013 Vol.8(10): 2412-2424 ISSN: 1796-217X
doi: 10.4304/jsw.8.10.2412-2424

Identification and Removal of Software Security Vulnerabilities using Source Code Analysis: A Case Study on a Java File Writer Program with Password Validation Features

Natarajan Meghanathan
Department of Computer Science, Jackson State University, Jackson, MS 39217, USA

Abstract—We illustrate the use of source code analysis to identify and remove the following software security vulnerabilities: (i) Hardcoded Password, (ii) Empty Password Initialization, (iii) Denial of Service, (iv) System Information Leak, (v) Unreleased Resource and (vi) Path Manipulation. For each of them we propose one or more solution approaches that remove, or at least mitigate, the vulnerability; every one of these weaknesses can significantly compromise the security of a program if it is left unattended. As a case study, we conduct an exhaustive source code analysis of a file writer program developed in Java, which embeds password validation features specifically so that the Hardcoded Password and Empty Password Initialization vulnerabilities can be exhibited. We also show that a patch applied to remove one vulnerability can itself introduce one or more new vulnerabilities. Our solution approaches can be adapted to other high-level programming languages such as C/C++. We use the Fortify Source Code Analyzer (SCA) to conduct the automated source code analysis of the file writer program, both to identify the vulnerabilities and to confirm their removal.

Index Terms—Software Security, Vulnerability, Source Code Analysis, Password Validation, Information Leak, Unreleased Resource, Path Manipulation.
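The six vulnerability classes named in the abstract, as an added example written for this page in Java (it is not the paper's own file writer program, which is only in the PDF): each vulnerable pattern is kept as a comment beside a hardened form. The output directory, the environment variable names, the PBKDF2 parameters and the line-length cap are assumptions introduced for the example, not values taken from the paper; the reading of "Denial of Service" as unbounded input consumption is likewise an assumption.

```java
import java.io.BufferedWriter;
import java.io.Console;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example, not code from the paper.
public class SafeFileWriter {

    // Assumption: the only directory this program is allowed to write into.
    private static final Path BASE_DIR =
            Paths.get("/var/app/output").toAbsolutePath().normalize();
    // Assumption: cap on accepted input, so a caller cannot force unbounded memory use (DoS).
    private static final int MAX_LINE = 4096;

    /*
     * Hardcoded Password / Empty Password Initialization, the vulnerable forms,
     * kept as comments so they never compile into the jar:
     *
     *   static final String PASSWORD = "s3cret";   // recoverable from the class file
     *   String password = "";                      // empty initialization
     *
     * Hardened: the code holds no password at all, only a salt and a PBKDF2 hash
     * provisioned from outside (here: environment variables), and compares the
     * typed password against them in constant time.
     */
    static boolean validatePassword(char[] typed, byte[] salt, byte[] expectedHash)
            throws GeneralSecurityException {
        try {
            PBEKeySpec spec = new PBEKeySpec(typed, salt, 100_000, expectedHash.length * 8);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            spec.clearPassword();
            boolean ok = MessageDigest.isEqual(actual, expectedHash); // constant-time compare
            Arrays.fill(actual, (byte) 0);
            return ok;
        } finally {
            Arrays.fill(typed, '\0'); // do not leave the plaintext in the heap
        }
    }

    /*
     * Path Manipulation: a user-supplied name is resolved under BASE_DIR and
     * rejected if the normalized result escapes it ("../../etc/passwd",
     * absolute paths, and similar).
     */
    static Path resolveSafePath(String userSupplied) {
        Path p = BASE_DIR.resolve(userSupplied).normalize();
        if (!p.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("file name escapes the output directory");
        }
        return p;
    }

    /*
     * Unreleased Resource: try-with-resources closes the writer on every path,
     * including when write() throws, instead of relying on a trailing close()
     * that an exception can skip.
     */
    static void writeLine(Path target, String line) throws IOException {
        if (line.length() > MAX_LINE) {
            throw new IllegalArgumentException("line too long");
        }
        try (BufferedWriter w = Files.newBufferedWriter(target, StandardCharsets.UTF_8)) {
            w.write(line);
            w.newLine();
        }
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null || args.length != 2) {
            System.err.println("usage: java SafeFileWriter <file-name> <line> (run from a terminal)");
            System.exit(2);
        }
        try {
            // Assumption: the operator provisions these two variables; nothing secret is in the code.
            byte[] salt = Base64.getDecoder().decode(System.getenv("WRITER_PW_SALT"));
            byte[] hash = Base64.getDecoder().decode(System.getenv("WRITER_PW_HASH"));
            char[] typed = console.readPassword("Password: "); // char[], never a String
            if (typed == null || !validatePassword(typed, salt, hash)) {
                System.err.println("Authentication failed.");
                System.exit(1);
            }
            writeLine(resolveSafePath(args[0]), args[1]);
        } catch (IOException | GeneralSecurityException | RuntimeException e) {
            // System Information Leak: the user sees only that the operation failed;
            // exception text (paths, stack frames) stays out of user-facing output.
            System.err.println("Operation failed.");
            // Assumption: a real program records e in an internal log at this point.
            System.exit(1);
        }
    }
}
```

To provision the two environment variables, run the same PBKDF2 derivation once with a random 16-byte salt and export the salt and the derived key as Base64. Note that every hardened path above is itself new code: the abstract's observation that a patch can introduce fresh vulnerabilities is the reason the corrected program should go through the analyzer a second time rather than being assumed clean.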


Cite: Natarajan Meghanathan, "Identification and Removal of Software Security Vulnerabilities using Source Code Analysis: A Case Study on a Java File Writer Program with Password Validation Features," Journal of Software vol. 8, no. 10, pp. 2412-2424, 2013.

General Information

ISSN: 1796-217X
Frequency: Monthly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, CNKI, etc.
E-mail: jsw@iap.org