Static security evaluation of an industrial web application
- JavaScript is the most popular programming language for web applications. Static analysis of JavaScript applications is highly challenging due to its dynamic language constructs and event-driven asynchronous executions, which also give rise to many security-related bugs. Several static analysis tools to detect such bugs exist, however, research has not yet reported much on the precision and scalability trade-off of these analyzers. As a further obstacle, JavaScript programs structured in Node. js modules need to be collected for analysis, but existing bundlers are either specific to their respective analysis tools or not particularly suitable for static analysis.
| Author details: | Gebrehiwet B. Welearegai, Max Schlueter, Christian HammerORCiD |
|---|---|
| DOI: | https://doi.org/10.1145/3297280.3297471 |
| ISBN: | 978-1-4503-5933-7 |
| Title of parent work (English): | Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing |
| Publisher: | Association for Computing Machinery |
| Place of publishing: | New York |
| Publication type: | Other |
| Language: | English |
| Year of first publication: | 2019 |
| Publication year: | 2019 |
| Release date: | 2021/05/12 |
| Tag: | JavaScript; SAFE; WALA; comparison |
| Number of pages: | 10 |
| First page: | 1952 |
| Last Page: | 1961 |
| Funding institution: | German Federal Ministry of Education and Research (BMBF)Federal Ministry of Education & Research (BMBF) [16KIS0440] |
| Organizational units: | Digital Engineering Fakultät / Hasso-Plattner-Institut für Digital Engineering GmbH |
| DDC classification: | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 000 Informatik, Informationswissenschaft, allgemeine Werke |
| Peer review: | Referiert |
