Toward Analysis and Bug Finding in JavaScript Web Applications in the Wild

Cited by: 5
Authors
Ryu, Sukyoung [1]
Park, Jihyeok [1]
Park, Joonyoung [1]
Affiliations
[1] Korea Adv Inst Sci & Technol, Sch Comp, Daejeon, South Korea
Funding
National Research Foundation of Singapore;
Keywords
STATIC ANALYSIS;
DOI
10.1109/MS.2018.110113408
Chinese Library Classification number
TP31 [Computer software];
Subject classification codes
081202 ; 0835 ;
Abstract
We present our journey to analyze and find bugs in JavaScript web applications in the wild. We describe technical challenges in analyzing them and our solutions to address the challenges via a series of open source analysis frameworks, the scalable analysis framework for ECMAScript (SAFE) family.
Pages: 74 / 82
Number of pages: 9
Related papers
49 in total
  • [21] JSWhiz Static Analysis for JavaScript Memory Leaks
    Pienaar, Jacques A.
    Hundt, Robert
    PROCEEDINGS OF THE 2013 IEEE/ACM INTERNATIONAL SYMPOSIUM ON CODE GENERATION AND OPTIMIZATION (CGO), 2013, : 313 - 323
  • [22] Detecting malicious JavaScript code based on semantic analysis
    Fang, Yong
    Huang, Cheng
    Su, Yu
    Qiu, Yaoyao
    COMPUTERS & SECURITY, 2020, 93
  • [23] Automatic Modeling of Opaque Code for JavaScript Static Analysis
    Park, Joonyoung
    Jordan, Alexander
    Ryu, Sukyoung
    FUNDAMENTAL APPROACHES TO SOFTWARE ENGINEERING (FASE 2019), 2019, 11424 : 43 - 60
  • [24] On Detecting and Measuring Exploitable JavaScript Functions in Real-world Applications
    Kluban, Maryna
    Mannan, Mohammad
    Youssef, Amr
    ACM TRANSACTIONS ON PRIVACY AND SECURITY, 2024, 27 (01)
  • [25] Points-to Analysis for Context-Oriented JavaScript Programs
    Cardenas, Sergio
    Leger, Paul
    Fukuda, Hiroaki
    Cardozo, Nicolas
    PROCEEDINGS OF THE 25TH ACM INTERNATIONAL WORKSHOP ON FORMAL TECHNIQUES FOR JAVA-LIKE PROGRAMS, FTFJP 2023, 2023, : 18 - 24
  • [26] Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs
    Ferreira, Mafalda
    Monteiro, Miguel
    Brito, Tiago
    Coimbra, Miguel E.
    Santos, Nuno
    Jia, Limin
    Fragoso Santos, Jose
    PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL, 2024, 8 (PLDI):
  • [27] Improving Precision of JavaScript Program Analysis with an Extended Domain of Intervals
    Younang, Astrid
    Lu, Lunjin
    IEEE 39TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSAC 2015), VOL 3, 2015, : 441 - 446
  • [28] Weakly sensitive analysis for JavaScript object-manipulating programs
    Ko, Yoonseok
    Rival, Xavier
    Ryu, Sukyoung
    SOFTWARE-PRACTICE & EXPERIENCE, 2019, 49 (05) : 840 - 884
  • [29] A novel analysis space for pointer analysis and its application for bug finding
    Buss, Marcio
    Brand, Daniel
    Sreedhar, Vugranam
    Edwards, Stephen A.
    SCIENCE OF COMPUTER PROGRAMMING, 2010, 75 (11) : 921 - 942
  • [30] DSD-Crasher: A hybrid analysis tool for bug finding
    Csallner, Christoph
    Smaragdakis, Yannis
    Xie, Tao
    ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2008, 17 (02)