Gelato: Feedback-driven and Guided Security Analysis of Client-side Web Applications

April 14, 2020 Β· Declared Dead Β· πŸ› IEEE International Conference on Software Analysis, Evolution, and Reengineering

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Behnaz Hassanshahi, Hyunjun Lee, Paddy Krishnan, Jârn Güy Suß arXiv ID 2004.06292 Category cs.SE: Software Engineering Cross-listed cs.CR Citations 9 Venue IEEE International Conference on Software Analysis, Evolution, and Reengineering Last Checked 4 months ago
Abstract
Even though a lot of effort has been invested in analyzing client-side web applications during the past decade, the existing tools often fail to deal with the complexity of modern JavaScript applications. However, from an attacker point of view, the client side of such web applications can reveal invaluable information about the server side. In this paper, first we study the existing tools and enumerate the most crucial features a security-aware client-side analysis should be supporting. Next, we propose GELATO to detect vulnerabilities in modern client-side JavaScript applications that are built upon complex libraries and frameworks. In particular, we take the first step in closing the gap between state-aware crawling and client-side security analysis by proposing a feedback-driven security-aware guided crawler that is able to analyze complex frameworks automatically, and increase the coverage of security-sensitive parts of the program efficiently. Moreover, we propose a new lightweight client-side taint analysis that outperforms the start-of-the-art tools, requires no modification to browsers, and reports non-trivial taint flows on modern JavaScript applications.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Software Engineering

Died the same way β€” πŸ‘» Ghosted