
Difficult XSS Code Patterns for Static Code Analysis Tools

  • We present source code patterns that are difficult for modern static code analysis tools. Our study comprises 50 different open source projects, each in a vulnerable and a fixed version, covering XSS vulnerabilities reported with CVE IDs over a period of seven years. We used three commercial and two open source static code analysis tools. Based on the reported vulnerabilities, we identified code patterns that static analysis appears to have difficulty classifying. The results show that code analysis tools are helpful, but still have problems with specific source code patterns. These patterns should be a focus of developer training.

Metadata
Author:Felix Schuckert, Basel Katt, Hanno Langweg
DOI:https://doi.org/10.1007/978-3-030-42051-2_9
ISBN:978-3-030-42050-5
ISBN:978-3-030-42051-2
Parent Title (English):Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC Luxembourg City, Luxembourg, September 26-27, 2019
Publisher:Springer
Place of publication:Cham
Document Type:Conference Proceeding
Language:English
Year of Publication:2020
Opac ID:View in the catalogue of Hochschule Konstanz
Release Date:2021/01/08
First Page:123
Last Page:139
Note:Full text accessible within the campus network of Hochschule Konstanz.
Institutes:Fakultät Informatik
Relevance:Peer reviewed according to other listings (with evidence of the peer review process)
Open Access?:No
Licence (English):Springer licence terms