Difficult XSS Code Patterns for Static Code Analysis Tools


Abstract

We present source code patterns that are difficult for modern static code analysis tools to handle. Our study comprises 50 different open source projects, each in both a vulnerable and a fixed version, for XSS vulnerabilities reported with CVE IDs over a period of seven years. We used three commercial and two open source static code analysis tools. Based on the reported vulnerabilities, we identified code patterns that static analysis appears to have difficulty classifying correctly. The results show that static code analysis tools are helpful, but still miss specific source code patterns. These patterns should be a focus of developer training.

Citation (APA)

Schuckert, F., Katt, B., & Langweg, H. (2020). Difficult XSS Code Patterns for Static Code Analysis Tools. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11981 LNCS, pp. 123–139). Springer. https://doi.org/10.1007/978-3-030-42051-2_9
