Difficult XSS Code Patterns for Static Code Analysis Tools
We present source code patterns that are difficult for modern static code analysis tools to detect. Our study covers 50 different open source projects, each in a vulnerable and a fixed version, with XSS vulnerabilities that were reported with CVE IDs over a period of seven years. We used three commercial and two open source static code analysis tools. Based on the reported vulnerabilities, we identified code patterns that appear to be difficult for static analysis to classify. The results show that code analysis tools are helpful, but still have problems with specific source code patterns. These patterns should be a focus in training for developers.
| Field | Value |
|---|---|
| Author | Felix Schuckert, Basel Katt, Hanno Langweg |
| DOI | https://doi.org/10.1007/978-3-030-42051-2_9 |
| ISBN | 978-3-030-42050-5 |
| ISBN | 978-3-030-42051-2 |
| Parent Title (English) | Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019 |
| Publisher | Springer |
| Place of publication | Cham |
| Document Type | Conference Proceeding |
| Language | English |
| Year of Publication | 2020 |
| Identifier | View in the catalogue of Hochschule Konstanz |
| Release Date | 2021/01/08 |
| First Page | 123 |
| Last Page | 139 |
| Note | Full text accessible from the Hochschule Konstanz campus network. |
| Institutes | Fakultät Informatik (Faculty of Computer Science) |
| Open Access? | No |