| Presentation | 2022-11-07 Real-time detection method for DOM-based XSS via multiple files Shu Hiura, Akira Kanaoka, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | DOM Based XSS is one of the most common vulnerabilities related to injection attacks and is caused by improper JavaScript source code. Many studies that detect DOM Based XSS vulnerabilities in source code by real-time static analysis use ESLint. However, they are limited to vulnerabilities contained within a single file. In this study, we propose a method to detect DOM Based XSS vulnerabilities that occur through multiple files, which extends the mechanism of ESLint. A prototype of the proposed method was implemented in a Visual Studio Code extension. We evaluated the feasibility of the proposed method to determine whether it can properly track multiple files and whether the processing time would not affect the user's work. The evaluation showed that the proposed method is highly feasible, and issues for future implementation were discussed. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DOM Based XSS / Abstract Syntax Tree |
| Paper # | ICSS2022-40 |
| Date of Issue | 2022-10-31 (ICSS) |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2022/11/7(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Hokkaido Jichiro Kaikan |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, etc. |
| Chair | Katsunari Yoshioka(Yokohama National Univ.) |
| Vice Chair | Takahiro Kasama(NICT) / Akira Yamada(Kobe Univ.) |
| Secretary | Takahiro Kasama(Okayama Univ.) / Akira Yamada(Mitsubishi Electric) |
| Assistant | Takeshi Sugawara(Univ. of Electro-Comm.) / Yo Kanemoto(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Real-time detection method for DOM-based XSS via multiple files |
| Sub Title (in English) | |
| Keyword(1) | DOM Based XSS |
| Keyword(2) | Abstract Syntax Tree |
| 1st Author's Name | Shu Hiura |
| 1st Author's Affiliation | Toho University(Toho Univ.) |
| 2nd Author's Name | Akira Kanaoka |
| 2nd Author's Affiliation | Toho University(Toho Univ.) |
| Date | 2022-11-07 |
| Paper # | ICSS2022-40 |
| Volume (vol) | vol.122 |
| Number (no) | ICSS-244 |
| Page | pp.pp.13-18(ICSS), |
| #Pages | 6 |
| Date of Issue | 2022-10-31 (ICSS) |