Litcius/Paper detail

Extracting taint specifications for JavaScript libraries

Cristian-Alexandru Staicu, Martin Toldam Torp, Max Schäfer, Anders Møller, Michael Pradel

202034 citationsDOIOpen Access PDF

Abstract

Modern JavaScript applications extensively depend on third-party libraries. Especially for the Node.js platform, vulnerabilities can have severe consequences to the security of applications, resulting in, e.g., cross-site scripting and command injection attacks. Existing static analysis tools that have been developed to automatically detect such issues are either too coarse-grained, looking only at package dependency structure while ignoring dataflow, or rely on manually written taint specifications for the most popular libraries to ensure analysis scalability.

Topics & Concepts

Computer scienceJavaScriptTaint checkingProgramming languageDatabaseWorld Wide WebSoftwareAdvanced Malware Detection TechniquesSecurity and Verification in ComputingSoftware Testing and Debugging Techniques