This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks based on a scalable and precise points-to analysis.
This paper presents a language called PQL (Program Query Language) that allows programmers to express such questions easily in an application-specific context and develops both static and dynamic techniques to find solutions to PQL queries.
The approach uses Bayesian classification of hierarchical features of the JavaScript abstract syntax tree to identify syntax elements that are highly predictive of malware, and shows that ZOZZLE is able to detect JavaScript malware through mostly static code analysis effectively.
The combination of revision history mining and dynamic analysis techniques leveraged in DynaMine proves effective for both discovering new application-specific patterns and for finding errors when applied to very large applications with many man-years of development and debugging effort behind them.
The effectiveness of NOZZLE is measured by demonstrating that it successfully detects 12 published and 2,000 synthetically generated heap-spraying exploits, and it is shown that even with a detection threshold set six times lower than is required to detect published malicious attacks, NOZZLE reports no false positives when run over 150 popular Internet sites.
ConScript, a client-side advice implementation for security, built on top of Internet Explorer 8, is presented and it is concluded that it is significantly lower than that of other systems proposed in the literature, both on micro-benchmarks as well as large, widely-used applications such as MSN, GMail, Google Maps, and Live Desktop.
GATEKEEPER is a highly extensible system with a rich, expressive policy language, allowing the hosting site administrator to formulate their policies as succinct Datalog queries, and results in 1,341 verified warnings in 684 widgets, no false negatives, due to the soundness of the analysis, and false positives affecting only two widgets.
Rozzle, a JavaScript multi-execution virtual machine, is proposed as a way to explore multiple execution paths within a single execution so that environment-specific malware will reveal itself, and it is shown that Rozzle triples the effectiveness of online runtime detection.
This paper compiles an ML-like language with higher-order functions and references to JavaScript, while preserving all source program properties, and shows full abstraction: two programs are equivalent in all source contexts if and only if their wrapped translations are equivalent in all JavaScript contexts.
This paper evaluates the behavior of JavaScript web applications from commercial web sites and compares this behavior with the benchmarks, finding that the benchmarks are not representative of many real web sites and that conclusions reached from measuring the benchmarks may be misleading.