Detecting Command Injection and Cross-site Scripting Vulnerabilities Using Graph Representations
Guardado en:
| Publicado en: | The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Conference Proceedings (2023) |
|---|---|
| Autor principal: | |
| Otros Autores: | |
| Publicado: |
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
|
| Materias: | |
| Acceso en línea: | Citation/Abstract |
| Etiquetas: |
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| Resumen: | Conference Title: 2023 IEEE International Conference on Data and Software Engineering (ICoDSE)Conference Start Date: 2023, Sept. 7 Conference End Date: 2023, Sept. 8 Conference Location: Toba, IndonesiaWeb-based applications, such as JavaScript-based applications, have vastly grown in scope and features. As web-based applications grow, the potential of vulnerabilities emerging inside such applications also grows. One of the ways to detect vulnerabilities inside web-based applications is to perform a static code analysis. Several static code analysis tools have been developed and are able to detect vulnerabilities inside JavaScript-based applications. However, these tools use abstract syntax tree representations in their analysis, therefore the analysis can't be performed efficiently. This paper proposes a static code analysis to detect vulnerabilities inside JavaScript-based applications using data-flow graph, control-flow graph, and call graph representations. Using taint analysis, a static code analysis tool is able to detect vulnerabilities in the form of command injection, and cross-site scripting (XSS). Test results showed that the static code analysis tool successfully detected vulnerabilities from four open-source projects. |
|---|---|
| DOI: | 10.1109/ICoDSE59534.2023.10291446 |
| Fuente: | Science Database |