F4F: taint analysis of framework-based web applications

@inproceedings{Sridharan2011F4FTA,
  title={F4F: taint analysis of framework-based web applications},
  author={Manu Sridharan and Shay Artzi and Marco Pistoia and Salvatore Guarnieri and Omer Tripp and Ryan Berg},
  booktitle={OOPSLA},
  year={2011}
}
This paper presents F4F (Framework For Frameworks), a system for effective taint analysis of framework-based web applications. Most modern web applications utilize one or more web frameworks, which provide useful abstractions for common functionality. Due to extensive use of reflective language constructs in framework implementations, existing static taint analyses are often ineffective when applied to framework-based applications. While previous work has included ad hoc support for certain…

Citations

Publications citing this paper.
SHOWING 1-10 OF 49 CITATIONS

Type-Based Taint Analysis for Java Web Applications

CITES BACKGROUND & RESULTS
HIGHLY INFLUENCED

Alias Analysis for Object-Oriented Programs

  • Aliasing in Object-Oriented Programming
  • 2013
CITES METHODS & BACKGROUND

A Review of Researching on Dynamic Taint Analysis Technique

CITES BACKGROUND
HIGHLY INFLUENCED

Dataflow Tunneling: Mining Inter-Request Data Dependencies for Request-Based Applications

  • 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE)
  • 2018
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Taint analysis of manual service compositions using Cross-Application Call Graphs

  • 2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)
  • 2015
HIGHLY INFLUENCED

References

Publications referenced by this paper.