Detecting Command Injection and Cross-site Scripting Vulnerabilities Using Graph Representations

Saved in:
Bibliographic details
Container / Database: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Conference Proceedings (2023)
Main author: Fernaldy, Kevin
Other authors: Yudistira Dwi Wardhana Asnar
Published in:
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
Online access: Citation/Abstract
Description
Abstract:
Conference Title: 2023 IEEE International Conference on Data and Software Engineering (ICoDSE)
Conference Start Date: 2023, Sept. 7
Conference End Date: 2023, Sept. 8
Conference Location: Toba, Indonesia

Web-based applications, such as JavaScript-based applications, have vastly grown in scope and features. As web-based applications grow, the potential for vulnerabilities emerging inside such applications also grows. One of the ways to detect vulnerabilities inside web-based applications is to perform a static code analysis. Several static code analysis tools have been developed and are able to detect vulnerabilities inside JavaScript-based applications. However, these tools use abstract syntax tree representations in their analysis, so the analysis cannot be performed efficiently. This paper proposes a static code analysis to detect vulnerabilities inside JavaScript-based applications using data-flow graph, control-flow graph, and call graph representations. Using taint analysis, a static code analysis tool is able to detect vulnerabilities in the form of command injection and cross-site scripting (XSS). Test results showed that the static code analysis tool successfully detected vulnerabilities in four open-source projects.
DOI:10.1109/ICoDSE59534.2023.10291446
Source: Science Database