Department of Informatics and TelecommunicationsΠληροφορική
Δημήτρης Μητρόπουλος, Επισκέπτης Καθηγητής, Τμήμα Πληροφορικής & Τηλεπικοινωνιών
Αλέξης Δελής, Καθηγητής, Τμήμα Πληροφορικής & Τηλεπικοινωνιών
In the context of this BSc thesis, we have examined a number of scientific tools that
Taint analysis is defined as a type of analysis which concludes if points of the program
that act as entry points for sensitive data are dangerous for the application, by tracking
the flow of such data throughout the program. Such points are called taint sources.
Specifically, taint analysis marks as tainted the variables which have been affected by
user input and tracks them until they reach a sensitive method, called sink. If a tainted
variable reaches such a point, without being properly sanitized first, a vulnerability is
reported. Tainting is the association of some kind of label or mark to sensitive data that
allows the tracking of their flow throughout the program as well as the propagation of
taint to the variables they come across.
The purpose of this research is the thorough research of scientific tools that perform
collection of frameworks and approaches, which developers and enterprises may
incorporate to their defense arsenal, for the inspection of the client-side code of their
web applications, thus negating possible web attacks.
Main subject category:
Technology - Computer science