Detecting Command Injection and Cross-site Scripting Vulnerabilities Using Graph Representations
Tallennettuna:
| Julkaisussa: | The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Conference Proceedings (2023) |
|---|---|
| Päätekijä: | |
| Muut tekijät: | |
| Julkaistu: |
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
|
| Aiheet: | |
| Linkit: | Citation/Abstract |
| Tagit: |
Ei tageja, Lisää ensimmäinen tagi!
|
| Abstrakti: | Conference Title: 2023 IEEE International Conference on Data and Software Engineering (ICoDSE)Conference Start Date: 2023, Sept. 7 Conference End Date: 2023, Sept. 8 Conference Location: Toba, IndonesiaWeb-based applications, such as JavaScript-based applications, have vastly grown in scope and features. As web-based applications grow, the potential of vulnerabilities emerging inside such applications also grows. One of the ways to detect vulnerabilities inside web-based applications is to perform a static code analysis. Several static code analysis tools have been developed and are able to detect vulnerabilities inside JavaScript-based applications. However, these tools use abstract syntax tree representations in their analysis, therefore the analysis can't be performed efficiently. This paper proposes a static code analysis to detect vulnerabilities inside JavaScript-based applications using data-flow graph, control-flow graph, and call graph representations. Using taint analysis, a static code analysis tool is able to detect vulnerabilities in the form of command injection, and cross-site scripting (XSS). Test results showed that the static code analysis tool successfully detected vulnerabilities from four open-source projects. |
|---|---|
| DOI: | 10.1109/ICoDSE59534.2023.10291446 |
| Lähde: | Science Database |