Show simple item record

dc.contributor.author: Akanmu, Semiu
dc.description.abstract: Java developers rely on code reusability because of its time and effort reduction advantage. However, they are exposed to vulnerabilities in publicly available open-source software (OSS) projects. This study employed a multi-stage research approach to investigate the extent to which open-source Java projects are secured. The research process includes text analysis of Java’s Common Vulnerabilities and Exposures (CVE) descriptions and static code analysis using GitHub’s CodeQL. This study found (a) cross-site scripting, (b) buffer overflow (though analyzed as array index out of bounds), (c) data deserialization, (d) input non-validation for an untrusted object, and (e) validation method bypass as the prevalent Java’s vulnerabilities from the MITRE CVEs. The static code analysis of the compatible seven (7) Java projects out of the 100 top projects cloned from GitHub revealed a 71.4% presence of the array index out-of-bounds vulnerability. [en_US]
dc.publisher: North Dakota State University [en_US]
dc.rights: NDSU policy 190.6.2 [en_US]
dc.title: Analysis of Java's Common Vulnerabilities and Exposures in GitHub's Open-Source Projects [en_US]
dc.type: Thesis [en_US]
dc.date.accessioned: 2023-12-07T16:10:37Z
dc.date.available: 2023-12-07T16:10:37Z
dc.date.issued: 2022
dc.identifier.uri: https://hdl.handle.net/10365/33288
dc.subject: common vulnerabilities and exposure [en_US]
dc.subject: GitHub [en_US]
dc.subject: Java [en_US]
dc.subject: open source projects [en_US]
dc.subject: Static Analysis [en_US]
dc.rights.uri: https://www.ndsu.edu/fileadmin/policy/190.pdf [en_US]
ndsu.degree: Master of Science (MS) [en_US]
ndsu.college: Engineering [en_US]
ndsu.department: Computer Science [en_US]
ndsu.program: Computer Science [en_US]
ndsu.advisor: Zubair, Malik Muhammad

