Toward Analysis and Bug Finding in JavaScript Web Applications in the Wild

Cited by: 5
Authors
Ryu, Sukyoung [1]
Park, Jihyeok [1]
Park, Joonyoung [1]
Affiliations
[1] Korea Adv Inst Sci & Technol, Sch Comp, Daejeon, South Korea
Funding
National Research Foundation of Singapore;
Keywords
STATIC ANALYSIS;
DOI
10.1109/MS.2018.110113408
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
We present our journey to analyze and find bugs in JavaScript web applications in the wild. We describe technical challenges in analyzing them and our solutions to address the challenges via a series of open source analysis frameworks, the scalable analysis framework for ECMAScript (SAFE) family.
Pages: 74 - 82
Number of pages: 9
Related papers
49 in total
  • [31] Static analysis of JavaScript libraries in a scalable and precise way using loop sensitivity
    Park, Changhee
    Lee, Hongki
    Ryu, Sukyoung
    SOFTWARE-PRACTICE & EXPERIENCE, 2018, 48 (04) : 911 - 944
  • [32] Improving the Security of Downloadable Java Applications With Static Analysis
    Cregut, Pierre
    Alvarado, Cuihtlauac
    ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2005, 141 (01) : 129 - 144
  • [33] JCIA: A Tool for Change Impact Analysis of Java EE Applications
    Le Ba Cuong
    Van Son Nguyen
    Duc Anh Nguyen
    Pham Ngoc Hung
    Dinh Hieu Vo
    INFORMATION SYSTEMS DESIGN AND INTELLIGENT APPLICATIONS, INDIA 2017, 2018, 672 : 105 - 114
  • [34] Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages
    Brito, Tiago
    Ferreira, Mafalda
    Monteiro, Miguel
    Lopes, Pedro
    Barros, Miguel
    Santos, Jose Fragoso
    Santos, Nuno
    IEEE TRANSACTIONS ON RELIABILITY, 2023, 72 (04) : 1324 - 1339
  • [35] Static Analysis of Java Enterprise Applications: Frameworks and Caches, the Elephants in the Room
    Antoniadis, Anastasios
    Filippakis, Nikos
    Krishnan, Paddy
    Ramesh, Raghavendra
    Allen, Nicholas
    Smaragdakis, Yannis
    PROCEEDINGS OF THE 41ST ACM SIGPLAN CONFERENCE ON PROGRAMMING LANGUAGE DESIGN AND IMPLEMENTATION (PLDI '20), 2020, : 794 - 807
  • [36] Enhancing Java Web Application Security: Injection Vulnerability Detection via Interprocedural Analysis and Deep Learning
    Zhang, Bing
    Zhi, Xu
    Wang, Meng
    Ren, Rong
    Dong, Jun
    IEEE TRANSACTIONS ON RELIABILITY, 2025,
  • [37] TAJ: Effective Taint Analysis of Web Applications
    Tripp, Omer
    Pistoia, Marco
    Fink, Stephen
    Sridharan, Manu
    Weisman, Omri
    ACM SIGPLAN NOTICES, 2009, 44 (06) : 87 - 97
  • [38] TAJ: Effective Taint Analysis of Web Applications
    Tripp, Omer
    Pistoia, Marco
    Fink, Stephen
    Sridharan, Manu
    Weisman, Omri
    PLDI'09 PROCEEDINGS OF THE 2009 ACM SIGPLAN CONFERENCE ON PROGRAMMING LANGUAGE DESIGN AND IMPLEMENTATION, 2009, : 87 - 97
  • [39] Static and dynamic analysis for web security in industry applications
    Wu, Raymond
    Hisada, Masayuki
    INTERNATIONAL JOURNAL OF ELECTRONIC SECURITY AND DIGITAL FORENSICS, 2010, 3 (02) : 138 - 150
  • [40] ANDROMEDA: Accurate and Scalable Security Analysis of Web Applications
    Tripp, Omer
    Pistoia, Marco
    Cousot, Patrick
    Cousot, Radhia
    Guarnieri, Salvatore
    FUNDAMENTAL APPROACHES TO SOFTWARE ENGINEERING, FASE 2013, 2013, 7793 : 210 - 225