Framework for Inspection-Based: Checking the Effectiveness and Efficiency in PHP Source Code
Keywords: Code Inspection, Logical Errors, PHP, SQL Injections
Abstract
Code inspection is one of the software inspection processes used to find faults and to check, raise, and maintain the quality of software. Source code inspection is typically carried out to find source-code-level issues such as logical errors and Structured Query Language (SQL) injection vulnerabilities. At present, source code inspection is done manually by the developer, which makes fault finding slow and introduces delays. Based on the literature review conducted, many researchers have worked in this domain, but none has built a single prototype that checks Hypertext Preprocessor (PHP) source code for both logical errors and SQL injections. This research therefore proposes a framework for identifying logical errors and SQL injections in PHP source code. A prototype was developed as a proof of concept for the framework. The framework was evaluated with the prototype in terms of effectiveness and efficiency by comparing manual code inspection against prototype-based code inspection. The results show that prototype-based inspection is more effective and more efficient than the current (manual) practice.
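As an added example (not the paper's prototype, whose internal design the abstract does not describe), the following Python script shows how an automated inspection pass for the two fault classes the paper names could work on PHP source: a line-level taint heuristic that flags SQL string literals built from `$_GET`/`$_POST`/`$_REQUEST`/`$_COOKIE` data, and a check for an assignment where a comparison was meant inside an `if` condition. The PHP sample is constructed for this illustration; the regular expressions are single-line heuristics, so multi-line statements, `elseif`, and input that flows through function calls are outside what this sketch catches.

```python
"""Prototype-style inspection of PHP source for two fault classes:
SQL strings built from untrusted request input (SQL injection) and
assignment-in-condition logical errors. Heuristic, line-by-line checks."""
import re
from dataclasses import dataclass

# PHP request superglobals treated as untrusted (taint sources).
SUPERGLOBALS = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")
# A quoted string on the line that carries a SQL statement keyword.
SQL_STRING = re.compile(r"""["'].*?\b(?:SELECT|INSERT|UPDATE|DELETE)\b""", re.I)
# `$var = $_GET[...]` at the start of a line: the assigned variable becomes tainted.
TAINT_ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(?:\$_GET|\$_POST|\$_REQUEST|\$_COOKIE)\b")
# The condition of an `if (...)` written on one line.
IF_COND = re.compile(r"\bif\s*\((.*)\)")
# A single `=` that is not part of ==, ===, !=, <= or >=.
BARE_ASSIGN = re.compile(r"(?<![=!<>])=(?!=)")


@dataclass
class Finding:
    line: int      # 1-based line number in the PHP file
    kind: str      # "sqli" or "logic"
    detail: str


def tainted_vars(lines):
    """Pass 1: the superglobals plus every variable assigned straight from one."""
    tainted = set(SUPERGLOBALS)
    for line in lines:
        m = TAINT_ASSIGN.match(line)
        if m:
            tainted.add(m.group(1))
    return tainted


def sqli_findings(lines, tainted):
    """Pass 2: flag SQL string literals that concatenate or interpolate tainted data."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not SQL_STRING.search(line):
            continue
        for var in sorted(tainted):
            concat = re.search(r"\.\s*" + re.escape(var) + r"\b", line)         # "..." . $var
            interp = re.search(r'"[^"]*' + re.escape(var) + r'\b[^"]*"', line)  # "...$var..."
            if concat or interp:
                findings.append(Finding(n, "sqli", f"{var} reaches a SQL string"))
                break
    return findings


def logic_findings(lines):
    """Flag `if ($x = value)`: an assignment where a comparison was intended."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = IF_COND.search(line)
        if m and BARE_ASSIGN.search(m.group(1)):
            findings.append(Finding(n, "logic", "assignment inside if-condition"))
    return findings


def inspect(php_source):
    """Run both checks over a PHP file's text and return findings ordered by line."""
    lines = php_source.splitlines()
    findings = sqli_findings(lines, tainted_vars(lines)) + logic_findings(lines)
    return sorted(findings, key=lambda f: f.line)


# Constructed PHP sample (not from the paper's evaluation): lines 4, 5 and 7 are faulty;
# line 13 uses a prepared statement with a placeholder and must not be flagged.
PHP_SAMPLE = r'''<?php
$id   = $_GET['id'];
$name = $_POST['name'];
$sql  = "SELECT * FROM users WHERE id = " . $_GET['id'];
$q    = "SELECT * FROM users WHERE name = '$name'";
mysqli_query($conn, $q);
if ($role = "admin") {
    grant();
}
if ($count == 0 && $name != '') {
    echo "empty";
}
$stmt = $conn->prepare("SELECT * FROM users WHERE id = ?");
$stmt->bind_param("i", $id);
'''

if __name__ == "__main__":
    for f in inspect(PHP_SAMPLE):
        print(f"line {f.line}: {f.kind}: {f.detail}")
```

Run stand-alone, the script reports line 4 (a superglobal concatenated into a query), line 5 (a variable copied from `$_POST` interpolated into a query) and line 7 (`$role = "admin"` inside `if`), while the prepared statement on line 13 and the correct comparison on line 10 produce nothing. The point for the evaluation the abstract describes is that such a pass is repeatable and takes seconds, whereas a manual reviewer has to reason about each query string by hand.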
License
TRANSFER OF COPYRIGHT AGREEMENT
The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):
- All proprietary rights other than copyright, such as patent rights
- The right to make further copies of all or part of the published article for my use in classroom teaching
- The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
- The right to make copies of the published work for internal distribution within the institution that employs me
I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.