English
Related papers

Related papers: Study of JavaScript Static Analysis Tools for Vuln…

200 papers

The Huge growth in the usage of web applications has raised concerns regarding their security vulnerabilities, which in turn pushes toward robust security testing tools. This study compares OWASP ZAP, the leading open-source web application…

Cryptography and Security · Computer Science 2025-01-13 Usha-Sri Potti , Hong-Sheng Huang , Hsuan-Tung Chen , Hung-Min Sun

This study explores the effectiveness of graph neural networks (GNNs) for vulnerability detection in software code, utilizing a real-world dataset of Java vulnerability-fixing commits. The dataset's structure, based on the number of…

Cryptography and Security · Computer Science 2024-06-19 Ravil Mussabayev

JavaScript packages are notoriously prone to bloat, a factor that significantly impacts the performance and maintainability of web applications. While web bundlers and tree-shaking can mitigate this issue in client-side applications,…

Software Engineering · Computer Science 2025-05-22 Yuxin Liu , Deepika Tiwari , Cristian Bogdan , Benoit Baudry

Software vulnerabilities, caused by unintentional flaws in source code, are a primary root cause of cyberattacks. Static analysis of source code has been widely used to detect these unintentional defects introduced by software developers.…

Software Engineering · Computer Science 2024-08-08 Andrew A Mahyari

Zero-day vulnerabilities can be accidentally or maliciously placed in code and can remain in place for years. In this study, we address an aspect of their longevity by considering the likelihood that they will be discovered in the code…

Cryptography and Security · Computer Science 2018-09-03 Andrew J. Lohn

Large Language Models (LLMs) have demonstrated significant potential in automated software security, particularly in vulnerability detection. However, existing benchmarks primarily focus on isolated, single-vulnerability samples or…

Cryptography and Security · Computer Science 2025-12-30 Chinmay Pushkar , Sanchit Kabra , Dhruv Kumar , Jagat Sesh Challa

Security code review is a time-consuming and labor-intensive process typically requiring integration with automated security defect detection tools. However, existing security analysis tools struggle with poor generalization, high false…

Software Engineering · Computer Science 2026-05-12 Jiaxin Yu , Peng Liang , Yujia Fu , Amjed Tahir , Mojtaba Shahin , Chong Wang , Yangxiao Cai

Prototype pollution is a dangerous vulnerability affecting prototype-based languages like JavaScript and the Node.js platform. It refers to the ability of an attacker to inject properties into an object's root prototype at runtime and…

Cryptography and Security · Computer Science 2022-11-14 Mikhail Shcherbakov , Musard Balliu , Cristian-Alexandru Staicu

Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks,…

Cryptography and Security · Computer Science 2025-03-27 Zhuoyun Qian , Fangtian Zhong , Qin Hu , Yili Jiang , Jiaqi Huang , Mengfei Ren , Jiguo Yu

Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development and security assessment poses various technical and…

Software Engineering · Computer Science 2021-03-25 Anh Nguyen-Duc , Manh Viet Do , Quan Luong Hong , Kiem Nguyen Khac

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic…

Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis…

Cryptography and Security · Computer Science 2025-05-14 Avihay Cohen

Blockchain smart contracts have emerged as a transformative force in the digital realm, spawning a diverse range of compelling applications. Since solidity smart contracts across various domains manage trillions of dollars in virtual coins,…

Distributed, Parallel, and Cluster Computing · Computer Science 2024-12-12 Zhiyuan Wei , Xianhao Zhang , Jing Sun , Zijian Zhang , Liehuang Zhu

Android is the most used Operating System worldwide for mobile devices, with hundreds of thousands of apps downloaded daily. Although these apps are primarily written in Java and Kotlin, advanced functionalities such as graphics or…

Cryptography and Security · Computer Science 2024-12-03 Silvia Lucia Sanna , Diego Soi , Davide Maiorca , Giorgio Fumera , Giorgio Giacinto

Modern software development frequently uses third-party packages, raising the concern of supply chain security attacks. Many attackers target popular package managers, like npm, and their users with supply chain attacks. In 2021 there was a…

Cryptography and Security · Computer Science 2022-02-15 Nusrat Zahan , Thomas Zimmermann , Patrice Godefroid , Brendan Murphy , Chandra Maddila , Laurie Williams

Web application (WA) expands its usages to provide more and more services and it has become one of the most essential communication channels between service providers and the users. To augment the users experience many web applications are…

Cryptography and Security · Computer Science 2009-08-31 Suman Saha

Even though a lot of effort has been invested in analyzing client-side web applications during the past decade, the existing tools often fail to deal with the complexity of modern JavaScript applications. However, from an attacker point of…

Software Engineering · Computer Science 2020-04-15 Behnaz Hassanshahi , Hyunjun Lee , Paddy Krishnan , Jörn Güy Suß

The rapid rise of cyber-crime activities and the growing number of devices threatened by them place software security issues in the spotlight. As around 90% of all attacks exploit known types of security issues, finding vulnerable…

Cryptography and Security · Computer Science 2024-05-14 Rudolf Ferenc , Péter Hegedűs , Péter Gyimesi , Gábor Antal , Dénes Bán , Tibor Gyimóthy

Exaggeration or context changes can render maintainability experience into prejudice. For example, JavaScript is often seen as least elegant language and hence of lowest maintainability. Such prejudice should not guide decisions without…

Software Engineering · Computer Science 2019-01-14 Tobias Roehm , Daniel Veihelmann , Stefan Wagner , Elmar Juergens

Even though much progress has been made in identifying and mitigating smart contract vulnerabilities, we often hear about coding or design issues leading to great financial losses. This paper presents our progress toward finding defects…

Logic in Computer Science · Computer Science 2024-11-01 Stefan-Claudiu Susan