NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
VEX: vetting browser extensions for security vulnerabilities
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Towards revealing JavaScript program intents using abstract interpretation
Proceedings of the Sixth Asian Internet Engineering Conference
An evaluation of automata algorithms for string analysis
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
A framework for automated testing of javascript web applications
Proceedings of the 33rd International Conference on Software Engineering
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Automatic partial loop summarization in dynamic test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Path- and index-sensitive string analysis based on monadic second-order logic
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Saving the world wide web from vulnerable JavaScript
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Towards client-side HTML security policies
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
String abstractions for string verification
Proceedings of the 18th international SPIN conference on Model checking software
A systematic analysis of XSS sanitization in web application frameworks
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction
Proceedings of the 18th ACM conference on Computer and communications security
Tool-supported refactoring for JavaScript
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Symbolic finite state transducers: algorithms and applications
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Automated repair of HTML generation errors in PHP applications using string constraint solving
Proceedings of the 34th International Conference on Software Engineering
Verifying client-side input validation functions using string analysis
Proceedings of the 34th International Conference on Software Engineering
Don't repeat yourself: automatically synthesizing client-side validation code for web applications
WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
Efficient runtime policy enforcement using counterexample-guided abstraction refinement
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Establishing browser security guarantees through formal shim verification
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Privilege separation in HTML5 applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars
ACM Transactions on Software Engineering and Methodology (TOSEM)
Symbolic execution of programs with strings
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
TamperProof: a server-agnostic defense for parameter tampering attacks on web applications
Proceedings of the third ACM conference on Data and application security and privacy
AppsPlayground: automatic security analysis of smartphone applications
Proceedings of the third ACM conference on Data and application security and privacy
Unbounded model-checking with interpolation for regular language constraints
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Automated testing with targeted event sequence generation
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Practical blended taint analysis for JavaScript
Proceedings of the 2013 International Symposium on Software Testing and Analysis
LogicScope: automatic discovery of logic vulnerabilities within web applications
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Path sensitive static analysis of web applications for remote code execution vulnerability detection
Proceedings of the 2013 International Conference on Software Engineering
JST: an automatic test generation tool for industrial Java applications with strings
Proceedings of the 2013 International Conference on Software Engineering
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
Server interface descriptions for automated testing of JavaScript web applications
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Jalangi: a selective record-replay and dynamic analysis framework for JavaScript
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Z3-str: a z3-based string solver for web application analysis
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Making automated testing of cloud applications an integral component of PaaS
Proceedings of the 4th Asia-Pacific Workshop on Systems
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
AppIntent: analyzing sensitive data transmission in android for privacy leakage detection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
deDacota: toward preventing server-side XSS via automatic code and data separation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Protecting sensitive web content from client-side vulnerabilities with CRYPTONS
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Path- and index-sensitive string analysis based on monadic second-order logic
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Generating feature usage scenarios in client-side web applications
ICWE'13 Proceedings of the 13th international conference on Web Engineering
Word equations with length constraints: what's decidable?
HVC'12 Proceedings of the 8th international conference on Hardware and Software: verification and testing
MetaSymploit: day-one defense against script-based attacks with security-enhanced symbolic analysis
SEC'13 Proceedings of the 22nd USENIX conference on Security
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Prototyping symbolic execution engines for interpreted languages
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Proceedings of the Eighth International Workshop on Variability Modelling of Software-Intensive Systems
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
Automated detection of parameter tampering opportunities and vulnerabilities in web applications
Journal of Computer Security
| Hi-index | 0.00 |
As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly complex. However, few automated vulnerability analysis tools for JavaScript exist. In this paper, we describe the first system for exploring the execution space of JavaScript code using symbolic execution. To handle JavaScript code’s complex use of string operations, we design a new language of string constraints and implement a solver for it. We build an automatic end-to-end tool, Kudzu, and apply it to the problem of finding client-side code injection vulnerabilities. In experiments on 18 live web applications, Kudzu automatically discovers 2 previously unknown vulnerabilities and 9 more that were previously found only with a manually-constructed test suite.