Analysis and Defect Detection for JavaScript Web Apps

  • Published: 2016.03.17

Abstract

Keywords

References

  1. TIOBE Software. 2015. TIOBE Index for November 2015. www.tiobe.com/index-php/content/paperinfo/tpci/index.html
  2. G. Richards et al. "An Analysis of the Dynamic Behavior of JavaScript Programs", Proceedings of Conference on Programming Language Design and Implementation, pp. 1-12, 2010.
  3. M. Pradel et al. "TypeDevil: Dynamic Type Inconsistency Analysis for JavaScript", Proceedings of the International Conference on Software Engineering, pp. 314-324, 2015.
  4. C. Yue and H. Wang, "Characterizing Insecure JavaScript Practices on the Web", Proceedings of the International Conference on World Wide Web, pp. 960-970, 2009.
  5. D. Jang et al. "An Empirical Study of Privacy-violating Information Flows in JavaScript Web Applications", Proceedings of the Conference on Computer and Communications Security, pp. 270-283, 2010.
  6. N. Nikiforakis et al. "You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions", Proceedings of the Conference on Computer and Communications Security, pp. 736-747, 2012.
  7. ECMA. ECMA-262: ECMAScript 2015 Language Specification, 6th Edition. 2015.
  8. M. Pradel and K. Sen. "The Good, the Bad, and the Ugly: An Empirical Study of Implicit Type Conversions in JavaScript", Proceedings of the European Conference on Object-Oriented Programming, pp. 519-541, 2015.
  9. Jensen et al. "Remedying the Eval That Men Do", Proceedings of the International Symposium on Software Testing and Analysis, pp. 34-44, 2012.
  10. Mozilla Developer Network. "About JavaScript", 2005.
  11. C. Anderson et al. "Towards Type Inference for JavaScript", Proceedings of the European Conference on Object-Oriented Programming, pp. 428-452, 2005.
  12. P. Thiemann. "Towards a Type System for Analyzing JavaScript Programs", Proceedings of European Symposium on Programming, pp. 408-422, 2005.
  13. Jensen et al. "Type Analysis for JavaScript", Proceedings of the International Symposium on Static Analysis, pp. 238-255, 2009.
  14. S. Guarnieri et al. "Saving the World Wide Web from Vulnerable JavaScript", Proceedings of the International Symposium on Software Testing and Analysis, pp. 177-187, 2011.
  15. R. Chugh et al. "Staged Information Flow for JavaScript", Proceedings of the Conference on Programming Language Design and Implementation, pp. 50-62, 2009.
  16. S. Bandhakavi et al. "VEX: Vetting Browser Extensions for Security Vulnerabilities", Proceedings of the USENIX Conference on Security, pp. 22-22, 2010.
  17. O. Tripp et al. "Hybrid Security Analysis of Web JavaScript Code via Dynamic Partial Evaluation", Proceedings of the International Symposium on Software Testing and Analysis, pp. 49-59, 2014.
  18. H. Lee et al. "SAFE: Formal Specification and Implementation of a Scalable Analysis Framework for ECMAScript", Proceedings of the International Workshop on Foundations of Object-Oriented Languages, 2012.
  19. PLRG@KAIST. "SAFE: JavaScript Analysis Framework", http://safe.kaist.ac.kr, 2013.
  20. P. Cousot and R. Cousot. "Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints", Proceedings of the Symposium on Principles of Programming Languages, pp. 238-252, 1977.
  21. S. Kang and S. Ryu. "Formal Specification of a JavaScript Module System", Proceedings of the Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 621-638, 2012.
  22. C. Park et al. "All About the with Statement in JavaScript: Removing with Statements in JavaScript Applications", Proceedings of the Symposium on Dynamic Languages, pp. 73-84, 2013.
  23. W. Cheung et al. "Development Nature Matters: An Empirical Study of Code Clones in JavaScript Applications", Empirical Software Engineering, pp. 1-48, 2015.
  24. C. Park and S. Ryu. "Scalable and Precise Static Analysis of JavaScript Applications via Loop-Sensitivity", Proceedings of the European Conference on Object-Oriented Programming, pp. 735-756, 2015.
  25. C. Park et al. "Static Analysis of JavaScript Web Applications in the Wild via Practical DOM Modeling", Proceedings of the International Conference on Automated Software Engineering, pp. 552-562, 2015.
  26. S. Bae et al. "SAFE_WAPI: Web API Misuse Detector for Web Applications", Proceedings of the International Symposium on Foundations of Software Engineering, pp. 507-517, 2014.
  27. Y. Ko et al. "Practically Tunable Static Analysis Framework for Large-Scale JavaScript Applications", Proceedings of the International Conference on Automated Software Engineering, pp. 541-551, 2015.
  28. J. Park et al. "Battles with False Positives in Static Analysis of JavaScript Web Applications in the Wild", Proceedings of the International Conference on Software Engineering, 2016.