Evaluating Taint Analysis Tools for JavaScript

Graduate Thesis uoadl:2879782 91 Read counter

Unit:
Department of Informatics and Telecommunications
Πληροφορική
Deposit date:
2019-07-25
Year:
2019
Author:
PAPAMICHALOPOULOS MARIOS
Supervisors info:
Δημήτρης Μητρόπουλος, Επισκέπτης Καθηγητής, Τμήμα Πληροφορικής & Τηλεπικοινωνιών
Αλέξης Δελής, Καθηγητής, Τμήμα Πληροφορικής & Τηλεπικοινωνιών
Original Title:
Evaluating Taint Analysis Tools for JavaScript
Languages:
English
Translated title:
Αξιολογώντας Εργαλεία Ανάλυσης JavaScript Προγραμμάτων
Summary:
In the context of this BSc thesis, we have examined a number of scientific tools that
perform taint analysis for programs written in the JavaScript programming language.

Taint analysis is defined as a type of analysis which concludes if points of the program
that act as entry points for sensitive data are dangerous for the application, by tracking
the flow of such data throughout the program. Such points are called taint sources.

Specifically, taint analysis marks as tainted the variables which have been affected by
user input and tracks them until they reach a sensitive method, called sink. If a tainted
variable reaches such a point, without being properly sanitized first, a vulnerability is
reported. Tainting is the association of some kind of label or mark to sensitive data that
allows the tracking of their flow throughout the program as well as the propagation of
taint to the variables they come across.

The purpose of this research is the thorough research of scientific tools that perform
such kind of analyses for programs written in JavaScript. We hereby present a
collection of frameworks and approaches, which developers and enterprises may
incorporate to their defense arsenal, for the inspection of the client-side code of their
web applications, thus negating possible web attacks.
Main subject category:
Technology - Computer science
Keywords:
Taint Analysis, Security, JavaScript, Client-side Vulnerabilities, Static Taint Analysis, Dynamic Taint Analysis
Index:
Yes
Number of index pages:
5
Contains images:
Yes
Number of references:
24
Number of pages:
67
Thesis.pdf (1 MB) Open in new window