In this system an approach to clone analysis and Vulnerability detection for Web applications has been proposed together with a prototype implementation for web pages. Our approach analyzes the page structure, implemented by specific sequences of HTML tags, and the content displayed for both dynamic and static pages. Moreover, for a pair of web pages we also consider the similarity degree of their java source. The similarity degree can be adapted and tuned in a simple way for different web applications. We have reported the results of applying our approach and tool in a case study. The results have confirmed that the lack of analysis and design of the Web application has effect on the duplication of the pages. In particular, these results allowed us to identify some common features for the web pages that could be integrated, by deleting the duplications and code clones. Moreover, the clone analysis and Vulnerability detection of the pages enabled to acquire information to improve the general quality and conceptual/design of the database of the web application. Indeed, we plan to exploit the results of the code clone analysis method to support web application reengineering activities.

Vulnerability Detection, Code Clone, Dynamic Webpages, Duplication

[1] J. Anvik, L. Hiew, and G.C. Murphy, �Coping with an Open Vulnerability Repository,� Proc. OOPSLA Workshop Eclipse Technology eXchange, 2005.
[2] J. Anvik, L. Hiew, and G.C. Murphy, �Who Should Fix This Vulnerability?� Proc. 28th Int�l Conf. Software Eng. (ICSE �06), 2006.
[3] N. Bettenburg, R. Premraj, T. Zimmermann, and S. Kim, �Duplicate Vulnerability Reports Considered Harmful; Really?� Proc. IEEE 24th Int�l Conf. Software Maintenance (ICSM �08), 2008.
[4] J. Davidson, N. Mohan, and C. Jensen, �Coping with Duplicate Vulnerability Reports in Free/Open Source Software Projects,� Proc. IEEE Symp. Visual Languages and Human-Centric Computing (VL/HCC �11), 2011.
[5] P. Runeson, M. Alexandersson, and O. Nyholm, �Detection of Duplicate Defect Reports Using Natural Language Processing,� Proc. 29th Int�l Conf. Software Eng. 2007
[6] A.J. Ko, B.A. Myers, and D.H. Chau, �A Linguistic Analysis of How People Describe Software Problems,� Proc. IEEE Symp. Visual Languages and Human-Centric Computing (VL-HCC �06), 2006
[7] N. Bettenburg, S. Just, A. Schr�oter, C. Weiss, R. Premraj, and T. Zimmermann, �What Makes a Good Vulnerability Report?� Proc. 16th Int�l Symp. Foundations of Software Eng. (FSE �08), 2008
[8] S. Breu, R. Premraj, J. Sillito, and T. Zimmermann, �Information Needs in Vulnerability Reports: Improving Cooperation between Developers and Users,� Proc. ACM Conf. Computer Supported Cooperative Work (CSCW �10), 2010
[9] R.J. Sandusky and L. Gasser, �Negotiation and the Coordination of Information and Activity in Distributed Software Problem Management,� Proc. Int�l ACM SIGGROUP Conf. Supporting Group Work (GROUP �05), 2005
[10] D. Bertram, A. Voida, S. Greenberg, and R. Walker, �Communication, Collaboration, and Vulnerabilities: The Social Nature of Issue Tracking in Small, Collocated Teams,� Proc. ACM Conf. Computer Supported Cooperative Work (CSCW �10), 2010.
[11] R. Lotufo, Z.Malik, andK. Czarnecki, �Modelling the �Hurried� Vulnerability Report Reading Process to Summarize Vulnerability Reports,� Proc. IEEE 28th Int�l Conf. Software Maintenance (ICSM�12), 2012.
[12] S. Mani, R. Catherine, V.S. Sinha, and A. Dubey, �AUSUM: Approach for Unsupervised Vulnerability Report Summarization,� Proc. ACM SIGSOFT 20th Int�l Symp. the Foundations of Software Eng. (FSE �12), article 11, 2012
[13] S. Haiduc, J. Aponte, L. Moreno, and A. Marcus, �On the Use of Automated Text Summarization Techniques for Summarizing Source Code,� Proc. 17th Working Conf. Reverse Eng. (WCRE �10), pp. 35-44, 2010
[14] G. Sridhara, E. Hill, D. Muppaneni, L. Pollock, and K. Vijay Shanker, �Towards Automatically Generating Summary Comments for Java Methods,� Proc. 25th Int�l Conf. Automated Software Eng. (ASE �10), pp. 43-52, 2010
[15] Jyotsnamayee Upadhyaya, Namita Panda and Arup Abhinna Acharya �Attack Generation and Vulnerability Discovery in Penetration Testing using Sql Injection � International Journal of Computer Science and Engineering ,Volume-2, Issue-3 ,E-ISSN: 2347-2693 , 2014