基于污点分析的JavaScript应用脆弱性检测工具研究与实现
首发时间:2017-10-11
摘要:JavaScript语言是Web中最重要的动态语言,如果代码操作没有经过严格的分析和处理的危险数据,则非常容易侵犯用户隐私,引起安全危机。本文研究了前人的在静态分析领域内的工作成果,充分了解了污点分析的各种方法,以及互相之间的区别。为了填补在JavaScript语言上进行污点分析的技术空白,本文提出了基于抽象语法树的污点分析算法,并结合静态领域词法分析和语法分析算法设计了JavaScript应用脆弱性检测工具,最终通过实验证明了算法的正确性。为JavaScript静态分析打开了新的技术大门,为用户信息安全提供了新的保障。
For information in English, please click here
Research on vulnerability detection tool for JavaScript based on Taint Analysis
Abstract:JavaScript is the most important language in Web. A dangerous tainted data passed into the code written in JavaScript is very dangerous that will easily cause information security issue. This paper studied the result of the former in static analyze that helps explain the difference between all the methods. To fulfill the empty in the taint analyze of JavaScript, this paper brought up an algorithm based on control flow graph. The algorithm combined with lexical analysis and Parsing is built into a tool that can detected the vulnerability of JavaScript Application. In the end of this paper, an experiment proves the right of the algorithm. This paper brings light into the world of taint analysis of JavaScript that improves the security of user information.
Keywords: Information Security Taint Analyze Static Analyze Dynamic Language
基金:
引用
No.****
动态公开评议
共计0人参与
勘误表
基于污点分析的JavaScript应用脆弱性检测工具研究与实现
评论
全部评论0/1000