English
Related papers

Related papers: Study of JavaScript Static Analysis Tools for Vuln…

200 papers

To protect cryptographic implementations from side-channel vulnerabilities, developers must adopt constant-time programming practices. As these can be error-prone, many side-channel detection tools have been proposed. Despite this, such…

Cryptography and Security · Computer Science 2023-10-13 Antoine Geimer , Mathéo Vergnolle , Frédéric Recoules , Lesly-Ann Daniel , Sébastien Bardin , Clémentine Maurice

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

In an algorithmic complexity attack, a malicious party takes advantage of the worst-case behavior of an algorithm to cause denial-of-service. A prominent algorithmic complexity attack is regular expression denial-of-service (ReDoS), in…

Cryptography and Security · Computer Science 2017-01-17 Valentin Wüstholz , Oswaldo Olivo , Marijn J. H. Heule , Isil Dillig

In this paper, we present the first comprehensive empirical study of specialized LLM-based detectors and compare them with traditional static analyzers at the project scale. Specifically, our study evaluates five latest and representative…

Software Engineering · Computer Science 2026-01-28 Fengjie Li , Jiajun Jiang , Dongchi Chen , Yingfei Xiong

Software vulnerabilities in source code pose serious cybersecurity risks, prompting a shift from traditional detection methods (e.g., static analysis, rule-based matching) to AI-driven approaches. This study presents a systematic review of…

Software Engineering · Computer Science 2025-06-13 Samiha Shimmi , Hamed Okhravi , Mona Rahimi

In this paper, we present jscefr (pronounced jes-cee-fer), a tool that detects the use of different elements of the JavaScript (JS) language, effectively measuring the level of proficiency required to comprehend and deal with a fragment of…

Evasion techniques allow malicious code to never be observed. This impacts significantly the detection capabilities of tools that rely on either dynamic or static analysis, as they never get to process the malicious code. The dynamic nature…

Cryptography and Security · Computer Science 2024-05-24 Nikolaos Pantelaios , Alexandros Kapravelos

Large language models (LLMs) are widely used in software development. However, the code generated by LLMs often contains vulnerabilities. Several secure code generation methods have been proposed to address this issue, but their current…

Cryptography and Security · Computer Science 2025-11-14 Shih-Chieh Dai , Jun Xu , Guanhong Tao

Typical Node.js applications extensively rely on packages hosted in the npm registry. As such packages may be used by thousands of other packages or applications, it is important to assess their code coverage. Moreover, increasing code…

Software Engineering · Computer Science 2021-05-17 Haiyang Sun , Andrea Rosà , Daniele Bonetta , Walter Binder

Web developers routinely rely on third-party Java-Script libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependencies can create attack vectors allowing a site to be…

Cryptography and Security · Computer Science 2020-02-17 Tobias Lauinger , Abdelberi Chaabane , Sajjad Arshad , William Robertson , Christo Wilson , Engin Kirda

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by…

Cryptography and Security · Computer Science 2020-09-22 Adrian Herrera

The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically…

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta

With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But, detecting such threats remains…

Cryptography and Security · Computer Science 2025-07-31 Zhihong Liang , Xin Wang , Zhenhuang Hu , Liangliang Song , Lin Chen , Jingjing Guo , Yanbin Wang , Ye Tian

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

Reusable software components, typically distributed as packages, are a central paradigm of modern software development. The JavaScript ecosystem serves as a prime example, offering millions of packages with their use being promoted as…

Software Engineering · Computer Science 2026-01-26 Ben Swierzy , Marc Ohm , Michael Meier

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Numerous tools have been developed to aggressively block the execution of popular JavaScript programs (JS) in Web browsers. Such blocking also affects functionality of webpages and impairs user experience. As a consequence, many privacy…

Cryptography and Security · Computer Science 2016-03-22 Muhammad Ikram , Hassan Jameel Asghar , Mohamed Ali Kaafar , Balachander Krishnamurthy , Anirban Mahanti

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source…

‹ Prev 1 3 4 5 6 7 10 Next ›