TY - CHAP
U1 - Conference publication
A1 - Schuckert, Felix
A1 - Katt, Basel
A1 - Langweg, Hanno
T1 - Difficult XSS Code Patterns for Static Code Analysis Tools
T2 - Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019
N2 - We present source code patterns that are difficult for modern static code analysis tools. Our study comprises 50 different open source projects, each in both a vulnerable and a fixed version, for XSS vulnerabilities reported with CVE IDs over a period of seven years. We used three commercial and two open source static code analysis tools. Based on the reported vulnerabilities, we discovered code patterns that appear to be difficult to classify by static analysis. The results show that code analysis tools are helpful, but still have problems with specific source code patterns. These patterns should be a focus in training for developers.
Y1 - 2020
SN - 978-3-030-42050-5
SB - 978-3-030-42050-5
SN - 978-3-030-42051-2
SB - 978-3-030-42051-2
U6 - https://doi.org/10.1007/978-3-030-42051-2_9
DO - https://doi.org/10.1007/978-3-030-42051-2_9
N1 - Full text accessible within the campus network of Hochschule Konstanz.
SP - 123
EP - 139
PB - Springer
CY - Cham
ER -