Paper Abstract and Keywords |
Presentation |
2022-03-08 10:40
DOM-Based XSS Prevention Support System for Developers Using Abstract Syntax Tree Analysis Takashi Nakahara, Syuta Ide, Tatsuya Maeda, Yusuke Hata, Takashi Kobayashi (Kansai Univ.) ICSS2021-72 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
XSS vulnerability is a vulnerability that allows an attacker to execute arbitrary JavaScript via the vulnerable implementation of a web application, and developers are required to reduce software vulnerabilities. In this paper, we propose a system that warns developers of DOM-Based XSS during the development stage. In the detection of DOM-Based XSS, flow analysis using abstract parse trees improves the detection rate and performance compared to existing dynamic analysis systems using taint propagation. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
DOM-Based XSS / abstract syntax tree / static analysis / flow analysis / ESLint / / / |
Reference Info. |
IEICE Tech. Rep., vol. 121, no. 410, ICSS2021-72, pp. 78-86, March 2022. |
Paper # |
ICSS2021-72 |
Date of Issue |
2022-02-28 (ICSS) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
ICSS2021-72 |
Conference Information |
Committee |
ICSS IPSJ-SPT |
Conference Date |
2022-03-07 - 2022-03-08 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Online |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Security, Trust, etc. |
Paper Information |
Registration To |
ICSS |
Conference Code |
2022-03-ICSS-SPT |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
DOM-Based XSS Prevention Support System for Developers Using Abstract Syntax Tree Analysis |
Sub Title (in English) |
|
Keyword(1) |
DOM-Based XSS |
Keyword(2) |
abstract syntax tree |
Keyword(3) |
static analysis |
Keyword(4) |
flow analysis |
Keyword(5) |
ESLint |
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Takashi Nakahara |
1st Author's Affiliation |
Kansai University (Kansai Univ.) |
2nd Author's Name |
Syuta Ide |
2nd Author's Affiliation |
Kansai University (Kansai Univ.) |
3rd Author's Name |
Tatsuya Maeda |
3rd Author's Affiliation |
Kansai University (Kansai Univ.) |
4th Author's Name |
Yusuke Hata |
4th Author's Affiliation |
Kansai University (Kansai Univ.) |
5th Author's Name |
Takashi Kobayashi |
5th Author's Affiliation |
Kansai University (Kansai Univ.) |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2022-03-08 10:40:00 |
Presentation Time |
20 minutes |
Registration for |
ICSS |
Paper # |
ICSS2021-72 |
Volume (vol) |
vol.121 |
Number (no) |
no.410 |
Page |
pp.78-86 |
#Pages |
9 |
Date of Issue |
2022-02-28 (ICSS) |
|