Title: Static and dynamic analysis for web security in industry applications

Authors: Raymond Wu, Masayuki Hisada

Addresses: Department of Research and Development, NST, Inc. Aizuwakamatsu, Fukushima, Japan. ' Department of Research and Development, NST, Inc. Aizuwakamatsu, Fukushima, Japan

Abstract: To apply our analysis work in industry security applications, we are investigating semantic metadata and structural syntax analysis. This paper explains how our approaches achieve the goal in terms of static and dynamic analysis by using industry scenarios. To better explain the framework and roadmap, we describe our approaches by using macro and micro views individually. Macro view oversees syntax structure and identification, while micro view envisions metadata messaging and parser automaton. The coherence of macro and micro views forms web security framework in tracking and validation. Our research applies the security service in industry fraud detection. It demonstrates metadata messaging for tracking, and HIPA code generation for validation. This bridges the gap between static and dynamic analysis. This also builds up the foundation of web security governance.

Keywords: vulnerability; web security; static analysis; dynamic analysis; tracking; abstract syntax; electronic security; semantic metadata; structural syntax analysis; syntax structure; syntax identification; metadata messaging; parser automaton; industry fraud detection; HIPA code generation; internet security.

DOI: 10.1504/IJESDF.2010.033782

International Journal of Electronic Security and Digital Forensics, 2010 Vol.3 No.2, pp.138 - 150

Published online: 30 Jun 2010 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article