Difficult XSS Code Patterns for Static Code Analysis Tools

We present source code patterns that are difficult for modern static code analysis tools. Our study comprises 50 different open source projects in both a vulnerable and a fixed version for XSS vulnerabilities reported with CVE IDs over a period of seven years. We used three commercial and two open source static code analysis tools. Based on the reported vulnerabilities we discovered code patterns that appear to be difficult to classify by static analysis. The results show that code analysis tools are helpful, but still have problems with specific source code patterns. These patterns should be a focus in training for developers.

Author: Felix Schuckert, Basel Katt, Hanno Langweg
Parent Title (English): Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019
Place of publication: Cham
Document Type: Conference Proceeding
Year of Publication: 2020
Identifier: View in the catalogue of Hochschule Konstanz
Release Date: 2021/01/08
First Page: 123
Last Page: 139
Full text is accessible within the campus network of Hochschule Konstanz.
Institutes: Faculty of Computer Science (Fakultät Informatik)
Relevance: Peer reviewed according to other listings (with evidence of the peer review procedure)
Open Access?: No
Licence (English): Springer licence terms