Research on vulnerability detection tool for JavaScript based on Taint Analysis

• 1、School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876
• 2、China telecom Co. Ltd Yunnan, Branch of Information Security, Yunnan 650100

Abstract：JavaScript is the most important language in Web. A dangerous tainted data passed into the code written in JavaScript is very dangerous that will easily cause information security issue. This paper studied the result of the former in static analyze that helps explain the difference between all the methods. To fulfill the empty in the taint analyze of JavaScript, this paper brought up an algorithm based on control flow graph. The algorithm combined with lexical analysis and Parsing is built into a tool that can detected the vulnerability of JavaScript Application. In the end of this paper, an experiment proves the right of the algorithm. This paper brings light into the world of taint analysis of JavaScript that improves the security of user information.

Keywords： Information Security Taint Analyze Static Analyze Dynamic Language