We present source code patterns that are difficult for modern static code analysis tools. Our study comprises 50 different open source projects, each in a vulnerable and a fixed version, with XSS vulnerabilities reported under CVE IDs over a period of seven years. We used three commercial and two open source static code analysis tools. Based on the reported vulnerabilities, we discovered code patterns that appear to be difficult for static analysis to classify. The results show that code analysis tools are helpful, but still have problems with specific source code patterns. These patterns should be a focus in training for developers.
Schuckert, F., Katt, B., & Langweg, H. (2020). Difficult XSS Code Patterns for Static Code Analysis Tools. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11981 LNCS, pp. 123–139). Springer. https://doi.org/10.1007/978-3-030-42051-2_9