TESTING OF VULNERABLE SOURCE CODE IN WEB APPLICATIONS

The security of web application is a a main problem nowadays. This occurs due to code which are sometimes vulnerable, written in unsafe languages like PHP. Source code static analysis tools and Data mining tools are a solution to find vulnerabilities. There are some techniques generated to remove these vulnerabilities like static analysis tools and data mining. These techniques has successfully detected the vulnerabilities and also removed the vulnerabilities occurring in these languages. But the problem arises due to false positives i.e if any vulnerability has occurred but actually it is not the vulnerability in real fact e.g SQL Injection then in this study testing is performed to checked whether the detected vulnerability is really the vulnerability or it has occurred due to false positives in an application. This study also creates the report of this process.