Static security evaluation of an industrial web application
- JavaScript is the most popular programming language for web applications. Static analysis of JavaScript applications is highly challenging due to its dynamic language constructs and event-driven asynchronous executions, which also give rise to many security-related bugs. Several static analysis tools to detect such bugs exist; however, research has not yet reported much on the precision and scalability trade-off of these analyzers. As a further obstacle, JavaScript programs structured in Node.js modules need to be collected for analysis, but existing bundlers are either specific to their respective analysis tools or not particularly suitable for static analysis.
Authors: | Gebrehiwet B. Welearegai, Max Schlueter, Christian Hammer |
---|---|
DOI: | https://doi.org/10.1145/3297280.3297471 |
ISBN: | 978-1-4503-5933-7 |
Title of parent work (English): | Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing |
Publisher: | Association for Computing Machinery |
Place of publication: | New York |
Publication type: | Other |
Language: | English |
Year of first publication: | 2019 |
Publication year: | 2019 |
Release date: | 12.05.2021 |
Free keyword / Tag: | JavaScript; SAFE; WALA; comparison |
Number of pages: | 10 |
First page: | 1952 |
Last page: | 1961 |
Funding institution: | German Federal Ministry of Education and Research (BMBF); Federal Ministry of Education & Research (BMBF) [16KIS0440] |
Organizational units: | Digital Engineering Fakultät / Hasso-Plattner-Institut für Digital Engineering GmbH |
DDC classification: | 0 Computer science, information science, general works / 00 Computer science, knowledge, systems / 000 Computer science, information science, general works |
Peer review: | Refereed |