Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Introduction to Automata Theory, Languages and Computability
Introduction to Automata Theory, Languages and Computability
XDuce: A Typed XML Processing Language (Preliminary Report)
Selected papers from the Third International Workshop WebDB 2000 on The World Wide Web and Databases
An efficient compiler for weighted rewrite rules
ACL '96 Proceedings of the 34th annual meeting on Association for Computational Linguistics
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Static Checking of Dynamically Generated Queries in Database Applications
Proceedings of the 26th International Conference on Software Engineering
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Context-sensitive program analysis as database queries
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Detecting Malicious JavaScript Code in Mozilla
ICECCS '05 Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Precise alias analysis for static detection of web application vulnerabilities
Proceedings of the 2006 workshop on Programming languages and analysis for security
Noxes: a client-side solution for mitigating cross-site scripting attacks
Proceedings of the 2006 ACM symposium on Applied computing
JavaScript instrumentation for browser security
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
BrowserShield: vulnerability-driven filtering of dynamic HTML
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Finding bugs in dynamic web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Security benchmarking using partial verification
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Characterizing insecure javascript practices on the web
Proceedings of the 18th international conference on World wide web
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
A decision procedure for subset constraints over regular languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Locating need-to-translate constant strings for software internationalization
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
On the Effectiveness of Software Diversity: A Systematic Study on Real-World Vulnerabilities
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Automated security testing of web widget interactions
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
MUTEC: Mutation-based testing of Cross Site Scripting
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis
FGIT '09 Proceedings of the 1st International Conference on Future Generation Information Technology
Higher-order multi-parameter tree transducers and recursion schemes for program verification
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Towards security testing with taint analysis and genetic algorithms
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Client-side detection of XSS worms by monitoring payload propagation
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Dartmouth internet security testbed (DIST: building a campus-wide wireless testbed
CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
Solving string constraints lazily
Proceedings of the IEEE/ACM international conference on Automated software engineering
Proceedings of the second annual workshop on Security and privacy in medical and home-care systems
Locating need-to-translate constant strings in web applications
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
An investigation of hotlinking and its countermeasures
Computer Communications
WebAppArmor: a framework for robust prevention of attacks on web applications
ICISS'10 Proceedings of the 6th international conference on Information systems security
SessionShield: lightweight protection against session hijacking
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Statically locating web application bugs caused by asynchronous calls
Proceedings of the 20th international conference on World wide web
Relational string verification using multi-track automata
CIAA'10 Proceedings of the 15th international conference on Implementation and application of automata
Patching vulnerabilities with sanitization synthesis
Proceedings of the 33rd International Conference on Software Engineering
Systematizing security test case planning using functional requirements phrases
Proceedings of the 33rd International Conference on Software Engineering
Saving the world wide web from vulnerable JavaScript
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
HAMPI: a string solver for testing, analysis and vulnerability detection
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Checking enforcement of integrity constraints in database applications based on code patterns
Journal of Systems and Software
Preventing web application injections with complementary character coding
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Crouching tiger - hidden payload: security risks of scalable vectors graphics
Proceedings of the 18th ACM conference on Computer and communications security
BLOCK: a black-box approach for detection of state violation attacks towards web applications
Proceedings of the 27th Annual Computer Security Applications Conference
Automated removal of cross site scripting vulnerabilities in web applications
Information and Software Technology
Secure code generation for web applications
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
IceShield: detection and mitigation of malicious websites with a frozen DOM
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Quo vadis? a study of the evolution of input validation vulnerabilities in web applications
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Automated code injection prevention for web applications
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Auto-locating and fix-propagating for HTML validation errors to PHP server-side code
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
An empirical analysis of input validation mechanisms in web applications and languages
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Hash-flow taint analysis of higher-order programs
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Automated repair of HTML generation errors in PHP applications using string constraint solving
Proceedings of the 34th International Conference on Software Engineering
Automated detection of client-state manipulation vulnerabilities
Proceedings of the 34th International Conference on Software Engineering
Verifying client-side input validation functions using string analysis
Proceedings of the 34th International Conference on Software Engineering
Proceedings of the 34th International Conference on Software Engineering
Supporting automated vulnerability analysis using formalized vulnerability signatures
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
XSS-Dec: a hybrid solution to mitigate cross-site scripting attacks
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars
ACM Transactions on Software Engineering and Methodology (TOSEM)
CHEX: statically vetting Android apps for component hijacking vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
Automating presentation changes in dynamic web applications via collaborative hybrid analysis
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Proceedings of the 2012 workshop on New security paradigms
SQL injection detection via program tracing and machine learning
IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
VAM-aaS: online cloud services security vulnerability analysis and mitigation-as-a-service
WISE'12 Proceedings of the 13th international conference on Web Information Systems Engineering
ANDROMEDA: accurate and scalable security analysis of web applications
FASE'13 Proceedings of the 16th international conference on Fundamental Approaches to Software Engineering
A measurement study of insecure javascript practices on the web
ACM Transactions on the Web (TWEB)
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
Information and Software Technology
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
| Hi-index | 0.00 |
Web applications support many of our daily activities, but they often have security problems, and their accessibility makes them easy to exploit. In cross-site scripting (XSS), an attacker exploits the trust a web client (browser) has for a trusted server and executes injected script on the browser with the server's privileges. In 2006, XSS constituted the largest class of newly reported vulnerabilities making it the most prevalent class of attacks today. Web applications have XSS vulnerabilities because the validation they perform on untrusted input does not suffice to prevent that input from invoking a browser's JavaScript interpreter, and this validation is particularly difficult to get right if it must admit some HTML mark-up. Most existing approaches to finding XSS vulnerabilities are taint-based and assume input validation functions to be adequate, so they either miss real vulnerabilities or report many false positives. This paper presents a static analysis for finding XSS vulnerabilities that directly addresses weak or absent input validation. Our approach combines work on tainted information flow with string analysis. Proper input validation is difficult largely because of the many ways to invoke the JavaScript interpreter; we face the same obstacle checking for vulnerabilities statically, and we address it by formalizing a policy based on the W3C recommendation, the Firefox source code, and online tutorials about closed-source browsers. We provide effective checking algorithms based on our policy. We implement our approach and provide an extensive evaluation that finds both known and unknown vulnerabilities in real-world web applications.