English
Related papers

Related papers: JavaSith: A Client-Side Framework for Analyzing Po…

200 papers

The JavaScript programming language, which began as a simple scripting language for the Web, has become ubiquitous, spanning desktop, mobile, and server applications. This increase in usage has made JavaScript an attractive target for…

Cryptography and Security · Computer Science 2024-10-29 José Miguel Moreno , Narseo Vallina-Rodriguez , Juan Tapiador

Modern malware poses a severe threat to cybersecurity, continually evolving in sophistication. To combat this threat, researchers and security professionals continuously explore advanced techniques for malware detection and analysis.…

Cryptography and Security · Computer Science 2024-04-26 Pasquale Caporaso , Giuseppe Bianchi , Francesco Quaglia

Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis…

Cryptography and Security · Computer Science 2025-05-14 Avihay Cohen

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect…

Cryptography and Security · Computer Science 2022-10-11 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais , Serena Elisa Ponta

The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research…

Cryptography and Security · Computer Science 2025-09-03 Eric Cornelissen , Musard Balliu

Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a static code analysis tool used in Oracle to find security vulnerabilities in…

Software Engineering · Computer Science 2022-01-04 Ya Xiao , Yang Zhao , Nicholas Allen , Nathan Keynes , Danfeng , Yao , Cristina Cifuentes

Maliciously prepared software packages are an extensively leveraged weapon for software supply chain attacks. The detection of malicious packages is undoubtedly of high priority and many academic and commercial approaches have been…

Cryptography and Security · Computer Science 2025-05-13 Marc Ohm , Timo Pohl , Felix Boes

The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly…

Cryptography and Security · Computer Science 2026-01-27 Duc-Ly Vu , Thanh-Cong Nguyen , Minh-Khanh Vu , Ngoc-Thanh Nguyen , Kim-Anh Do Thi

Protecting software supply chains from malicious packages is paramount in the evolving landscape of software development. Attacks on the software supply chain involve attackers injecting harmful software into commonly used packages or…

Cryptography and Security · Computer Science 2024-02-13 S. Halder , M. Bewong , A. Mahboubi , Y. Jiang , R. Islam , Z. Islam , R. Ip , E. Ahmed , G. Ramachandran , A. Babar

Malicious websites and phishing URLs pose an ever-increasing cybersecurity risk, with phishing attacks growing by 40% in a single year. Traditional detection approaches rely on machine learning classifiers or rule-based scanners operating…

Cryptography and Security · Computer Science 2025-06-05 Avihay Cohen

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos

Even though a lot of effort has been invested in analyzing client-side web applications during the past decade, the existing tools often fail to deal with the complexity of modern JavaScript applications. However, from an attacker point of…

Software Engineering · Computer Science 2020-04-15 Behnaz Hassanshahi , Hyunjun Lee , Paddy Krishnan , Jörn Güy Suß

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Browser extensions are additional tools developed by third parties that integrate with web browsers to extend their functionality beyond standard capabilities. However, the browser extension platform is increasingly being exploited by…

Cryptography and Security · Computer Science 2025-10-08 Shreya Singh , Gaurav Varshney , Tarun Kumar Singh , Vidhi Mishra , Khushi Verma

Software supply chain attacks have become a significant threat as software development increasingly relies on contributions from multiple, often unverified sources. The code from unverified sources does not pose a threat until it is…

Cryptography and Security · Computer Science 2024-07-02 Aman Sharma , Martin Wittlinger , Benoit Baudry , Martin Monperrus

Evasion techniques allow malicious code to never be observed. This impacts significantly the detection capabilities of tools that rely on either dynamic or static analysis, as they never get to process the malicious code. The dynamic nature…

Cryptography and Security · Computer Science 2024-05-24 Nikolaos Pantelaios , Alexandros Kapravelos

Given a desired goal of testing the capabilities of mainstream antivirus software against evasive malicious payloads delivered via drive-by download, this work aims to extend the functionality of Metasploit--the penetration testing suite of…

Cryptography and Security · Computer Science 2017-05-16 Aubrey Alston

This paper presents the source code analysis of a file reader server socket program (connection-oriented sockets) developed in Java, to illustrate the identification, impact analysis and solutions to remove five important software security…

Cryptography and Security · Computer Science 2014-12-02 Natarajan Meghanathan

The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to enable malicious JavaScript analysis. Existing analysis tech- niques fall into two general categories: static analysis and…

Cryptography and Security · Computer Science 2017-01-30 Xunchao Hu , Yao Cheng , Yue Duan , Andrew Henderson , Heng Yin
‹ Prev 1 2 3 10 Next ›