Detecting Command Injection and Cross-site Scripting Vulnerabilities Using Graph Representations
| Published in: | The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Conference Proceedings (2023) |
|---|---|
| Main author: | |
| Other authors: | |
| Published: | The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Subjects: | |
| Online access: | Citation/Abstract |
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 2882570354 | ||
| 003 | UK-CbPIL | ||
| 024 | 7 | |a 10.1109/ICoDSE59534.2023.10291446 |2 doi | |
| 035 | |a 2882570354 | ||
| 045 | 2 | |b d20230101 |b d20231231 | |
| 084 | |a 228229 |2 nlm | ||
| 100 | 1 | |a Fernaldy, Kevin |u School of Electrical Engineering and Informatics, Institut Teknologi Bandung,Bandung,Indonesia | |
| 245 | 1 | |a Detecting Command Injection and Cross-site Scripting Vulnerabilities Using Graph Representations | |
| 260 | |b The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |c 2023 | ||
| 513 | |a Conference Proceedings | ||
| 520 | 3 | |a Conference Title: 2023 IEEE International Conference on Data and Software Engineering (ICoDSE). Conference Start Date: 2023, Sept. 7. Conference End Date: 2023, Sept. 8. Conference Location: Toba, Indonesia. Web-based applications, such as JavaScript-based applications, have vastly grown in scope and features. As web-based applications grow, the potential of vulnerabilities emerging inside such applications also grows. One of the ways to detect vulnerabilities inside web-based applications is to perform a static code analysis. Several static code analysis tools have been developed and are able to detect vulnerabilities inside JavaScript-based applications. However, these tools use abstract syntax tree representations in their analysis, therefore the analysis can't be performed efficiently. This paper proposes a static code analysis to detect vulnerabilities inside JavaScript-based applications using data-flow graph, control-flow graph, and call graph representations. Using taint analysis, a static code analysis tool is able to detect vulnerabilities in the form of command injection, and cross-site scripting (XSS). Test results showed that the static code analysis tool successfully detected vulnerabilities from four open-source projects. | |
| 653 | |a Static code analysis | ||
| 653 | |a Software engineering | ||
| 653 | |a Injection | ||
| 653 | |a Graphical representations | ||
| 653 | |a JavaScript | ||
| 653 | |a Graph representations | ||
| 653 | |a Environmental | ||
| 700 | 1 | |a Yudistira Dwi Wardhana Asnar |u School of Electrical Engineering and Informatics, Institut Teknologi Bandung,Bandung,Indonesia | |
| 773 | 0 | |t The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Conference Proceedings |g (2023) | |
| 786 | 0 | |d ProQuest |t Science Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/2882570354/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |