Abstract

Conference Title: 2023 IEEE International Conference on Data and Software Engineering (ICoDSE)

Conference Start Date: 2023, Sept. 7

Conference End Date: 2023, Sept. 8

Conference Location: Toba, Indonesia

Web-based applications, such as JavaScript-based applications, have grown vastly in scope and features. As web-based applications grow, the potential for vulnerabilities to emerge inside such applications also grows. One way to detect vulnerabilities inside web-based applications is to perform static code analysis. Several static code analysis tools have been developed and are able to detect vulnerabilities inside JavaScript-based applications. However, these tools use abstract syntax tree representations in their analysis, so the analysis cannot be performed efficiently. This paper proposes a static code analysis to detect vulnerabilities inside JavaScript-based applications using data-flow graph, control-flow graph, and call graph representations. Using taint analysis, a static code analysis tool is able to detect vulnerabilities in the form of command injection and cross-site scripting (XSS). Test results showed that the static code analysis tool successfully detected vulnerabilities from four open-source projects.

Details

Title
Detecting Command Injection and Cross-site Scripting Vulnerabilities Using Graph Representations
Author
Fernaldy, Kevin 1; Yudistira Dwi Wardhana Asnar 1

1 School of Electrical Engineering and Informatics, Institut Teknologi Bandung, Bandung, Indonesia
Source details
2023 IEEE International Conference on Data and Software Engineering (ICoDSE)
Publication year
2023
Publication date
2023
Publisher
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Place of publication
Piscataway
Country of publication
United States
Source type
Conference Paper
Language of publication
English
Document type
Conference Proceedings
Publication history
Online publication date
2023-10-27
First posting date
27 Oct 2023
ProQuest document ID
2882570354
Document URL
https://www.proquest.com/conference-papers-proceedings/detecting-command-injection-cross-site-scripting/docview/2882570354/se-2?accountid=208611
Copyright
Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023
Last updated
2024-10-03
Database
ProQuest One Academic