iohehe/papers_collection

Papers

  1. Jovanovic N, Kruegel C, Kirda E. Pixy: A static analysis tool for detecting web application vulnerabilities. In: 2006 IEEE Symposium on Security and Privacy (S&P’06). IEEE; 2006. p. 6–pp.
  2. F. Yamaguchi, M. Lottmann, and K. Rieck, “Generalized vulnerability extrapolation using abstract syntax trees,” in Proceedings of the 28th Annual Computer Security Applications Conference. ACM, 2012, pp. 359–368.
  3. F. Yamaguchi, N. Golde, D. Arp, and K. Rieck, “Modeling and discovering vulnerabilities with code property graphs,” in Proceedings of the 35th IEEE Symposium on Security and Privacy, SP 2014, pp. 590–604, San Jose, CA, USA, May 2014.
  4. Fabian Yamaguchi, Alwin Maier, Hugo Gascon, and Konrad Rieck. “Automatic inference of search patterns for taint-style vulnerabilities”. In: Proc. IEEE Security & Privacy. 2015, pp. 797–812.
  5. BACKES, M., RIECK, K., SKORUPPA, M., STOCK, B., AND YAMAGUCHI, F. Efficient and flexible discovery of php application vulnerabilities. In Security and Privacy (EuroS&P), 2017 IEEE European Symposium on (2017), IEEE, pp. 334–349.
  6. Unruh, T., Shastry, B., Skoruppa, M., Maggi, F., Rieck, K., Seifert, J. P., & Yamaguchi, F. (2017). “Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery”. In 11th USENIX Workshop on Offensive Technologies (WOOT 17).
  7. Z. Li, D. Zou, S. Xu, H. Jin, H. Qi, and J. Hu, “VulPecker: An automated vulnerability detection system based on code similarity analysis,” in Proceedings of the 32nd Annual Conference on Computer Security Applications. ACM, 2016, pp. 201–213.
  8. Kangjie Lu, Aditya Pakki, Qiushi Wu. “Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences.”
  9. Alhuzali A, Gjomemo R, Eshete B, Venkatakrishnan V. NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications. In: 27th USENIX Security Symposium (USENIX Security 18); 2018. p. 377–392.
  10. Y. Minamide, Static approximation of dynamically generated web pages, in WWW '05: Proceedings of the 14th International Conference on World Wide Web. New York, NY, USA: ACM Press, 2005, pp. 432-441.
  11. Y. Xie and A. Aiken, Static Detection of Security Vulnerabilities in Scripting Languages, http://glide.stanford.edu/yichen/research/sec.ps, 2006.
  12. Kim, Seulbae et al. “VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery.” 2017 IEEE Symposium on Security and Privacy (SP) (2017): 595-614.
  13. Nashaat, Mona et al. “Detecting Security Vulnerabilities in Object-Oriented PHP Programs.” 2017 IEEE 17th International Working Conference on Source Code Analysis and Manipulation (SCAM) (2017): 159-164.
  14. Khalaf, Aya et al. “A Machine Learning Approach for Classifying Faults in Microgrids using Wavelet Decomposition.” 2019 IEEE 29th International Workshop on Machine Learning for Signal Processing (MLSP) (2019): 1-6.
  15. Medeiros, Ibéria et al. “DEKANT: a static analysis tool that learns to detect web application vulnerabilities.” ISSTA 2016 (2016).
  16. Halfond, William G. J. and A. Orso. “AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks.” ASE '05 (2005).
  17. Dahse, J. et al. “Code Reuse Attacks in PHP: Automated POP Chain Generation.” Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014): n. pag.
  18. Paulsen, Brandon et al. “Debreach: Mitigating Compression Side Channels via Static Analysis and Transformation.” 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2019): 899-911.
  19. Wang, Huanting et al. “Combining Graph-Based Learning With Automated Data Collection for Code Vulnerability Detection.” IEEE Transactions on Information Forensics and Security 16 (2021): 1943-1958.
  20. Dahse, J. and T. Holz. “Simulation of Built-in PHP Features for Precise Static Code Analysis.” NDSS (2014). (AND RIPS second order)
  21. Moor, O. et al. “Keynote Address: .QL for Source Code Analysis.” Seventh IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2007) (2007): 3-16.
  22. Li, Zhenmin and Yuanyuan Zhou. “PR-Miner: automatically extracting implicit programming rules and detecting violations in large software code.” ESEC/FSE-13 (2005).
  23. Brown, Fraser et al. “Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code.” USENIX Security Symposium (2020).
  24. Yu, Fang et al. “Stranger: An Automata-Based String Analysis Tool for PHP.” TACAS (2010).
  25. Balzarotti, D. et al. “Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications.” 2008 IEEE Symposium on Security and Privacy (sp 2008) (2008): 387-401.
  26. Yamaguchi, Fabian et al. “Chucky: exposing missing checks in source code for vulnerability discovery.” Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (2013): n. pag.
  27. Yamaguchi, Fabian et al. “Modeling and Discovering Vulnerabilities with Code Property Graphs.” 2014 IEEE Symposium on Security and Privacy (2014): 590-604.
  28. Alexander Bulekov et al. “Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists”.
  29. Alhuzali, Abeer et al. “Chainsaw: Chained Automated Workflow-based Exploit Generation.” Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (2016): n. pag.
  30. Nunes, P. et al. “phpSAFE: A Security Analysis Tool for OOP Web Application Plugins.” 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (2015): 299-306.
  31. Zheng, Yunhui et al. “Z3-str: a z3-based string solver for web application analysis.” ESEC/FSE 2013 (2013).
  32. Prasse, Paul et al. “Learning to identify concise regular expressions that describe email campaigns.” J. Mach. Learn. Res. 16 (2015): 3687-3720.
  33. Eriksson, B. et al. “Black Widow: Blackbox Data-driven Web Scanning.” (2021).
  34. Trinh, Minh-Thai et al. “S3: A Symbolic String Solver for Vulnerability Detection in Web Applications.” Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014): n. pag.
  35. Kiezun, Adam et al. “HAMPI: a solver for string constraints.” ISSTA (2009).
  36. Schwartz, E. J. et al. “All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask).” 2010 IEEE Symposium on Security and Privacy (2010): 317-331.
  37. Steffens, M. et al. “Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.” NDSS (2019).
  38. Daniil Sadyrin et al. “Application of Graph Databases for Static Code Analysis of Web-Applications”
  39. Yan, H. et al. “Machine-Learning-Guided Typestate Analysis for Static Use-After-Free Detection.” Proceedings of the 33rd Annual Computer Security Applications Conference (2017): n. pag.
  40. Grech, N. and Y. Smaragdakis. “P/Taint: unified points-to and taint analysis.” Proceedings of the ACM on Programming Languages 1 (2017): 1 - 28.
  41. Buyukkayhan, A. S. et al. “What’s in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques.” (2020).
  42. Huang, Yao-Wen et al. “Securing web application code by static analysis and runtime protection.” WWW '04 (2004).
  43. Wassermann, Gary and Z. Su. “Sound and precise analysis of web applications for injection vulnerabilities.” PLDI '07 (2007).
  44. Huang, Yao-Wen et al. “Verifying Web applications using bounded model checking.” International Conference on Dependable Systems and Networks, 2004 (2004): 199-208.
  45. Li, Yue, Tian Tan and Jingling Xue. “Understanding and Analyzing Java Reflection.” ACM Transactions on Software Engineering and Methodology (TOSEM) 28 (2016): 1 - 50.
  46. Hooimeijer, Pieter, Benjamin Livshits, David A. Molnar, P. Saxena and Margus Veanes. “Fast and Precise Sanitizer Analysis with BEK.” USENIX Security Symposium (2011).
  47. Späth, Johannes, Karim Ali and Eric Bodden. “Context-, flow-, and field-sensitive data-flow analysis using synchronized Pushdown systems.” Proceedings of the ACM on Programming Languages 3 (2019): 1 - 29.
  48. Bian, Pan, Bin Liang, Jianjun Huang, Wenchang Shi, Xidong Wang and Jian Zhang. “SinkFinder: harvesting hundreds of unknown interesting function pairs with just one seed.” Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (2020): n. pag.
  49. Schuckert, Felix, Basel Katt and Hanno Langweg. “Difficult SQLi Code Patterns for Static Code Analysis Tools.” (2020).
  50. Li, Penghui. “On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution.” (2021).
  51. Livshits, Benjamin, Aditya V. Nori, Sriram K. Rajamani and Anindya Banerjee. “Merlin: specification inference for explicit information flow problems.” PLDI '09 (2009).
  52. Shcherbakov, Mikhail and Musard Balliu. “SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web.” NDSS (2021).
  53. Minamide, Yasuhiko. “Static approximation of dynamically generated Web pages.” WWW '05 (2005).
  54. Lee, Taekjin, Seongil Wi, Suyoung Lee and Sooel Son. “FUSE: Finding File Upload Bugs via Penetration Testing.” NDSS (2020).
  55. Lekies, Sebastian, Krzysztof Kotowicz, Samuel Groß, Eduardo A. Vela Nava and Martin Johns. “Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets.” Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017): n. pag.
  56. Rahaman, Sazzadur, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu and Danfeng Daphne Yao. “CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.” Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (2019): n. pag.
  57. Li, Penghui and Wei Meng. “LChecker: Detecting Loose Comparison Bugs in PHP.” Proceedings of the Web Conference 2021 (2021): n. pag.
  58. Li, Z., Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng and Yuyi Zhong. “VulDeePecker: A Deep Learning-Based System for Vulnerability Detection.” ArXiv abs/1801.01681 (2018): n. pag.
  59. Pellegrino, Giancarlo, Martin Johns, Simon Koch, Michael Backes and Christian Rossow. “Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.” Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017): n. pag.
  60. Yang, Kevin K., Zachary Wu and Frances H. Arnold. “Machine-learning-guided directed evolution for protein engineering.” Nature Methods (2019): 1-8.
  61. Medeiros, I., Neves, N.F., & Correia, M.P. (2016). Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining. IEEE Transactions on Reliability, 65, 54-69.
  62. Huang, J., Zhang, J., Liu, J., Li, C., & Dai, R. (2021). UFuzzer: Lightweight Detection of PHP-Based Unrestricted File Upload Vulnerabilities Via Static-Fuzzing Co-Analysis. 24th International Symposium on Research in Attacks, Intrusions and Defenses.
  63. Shar, L.K., & Tan, H.B. (2012). Automated removal of cross site scripting vulnerabilities in web applications. Inf. Softw. Technol., 54, 467-478.
  64. Pellegrino, Giancarlo, Constantin Tschürtz, Eric Bodden and Christian Rossow. “jÄk: Using Dynamic Analysis to Crawl and Test Modern Web Applications.” RAID (2015).
  65. Zhang, Hang, Weiteng Chen, Yu Hao, Guoren Li, Yizhuo Zhai, Xiaocheng Zou and Zhiyun Qian. “Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels.” Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (2021): n. pag.
  66. Park, Sunnyeo and Suman Sekhar Jana. “FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities.” (2021).
  67. Calzavara, Stefano et al. “Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities.” 2019 IEEE European Symposium on Security and Privacy (EuroS&P) (2019): 528-543.
  68. Balzarotti, D. et al. “Multi-module vulnerability analysis of web-based applications.” CCS '07 (2007).
  69. Shar, Lwin Khin, Lionel Claude Briand and Hee Beng Kuan Tan. “Web Application Vulnerability Prediction Using Hybrid Program Analysis and Machine Learning.” IEEE Transactions on Dependable and Secure Computing 12 (2015): 688-707.
  70. Perl, H., Dechand, S., Smith, M., Arp, D., Yamaguchi, F., Rieck, K., Fahl, S., & Acar, Y.G. (2015). VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.
  71. Yamaguchi, F., Lottmann, M., & Rieck, K. (2012). Generalized vulnerability extrapolation using abstract syntax trees. ACSAC '12.
  72. Chibotaru, V., Bichsel, B., Raychev, V., & Vechev, M.T. (2019). Scalable taint specification inference with big code. Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation.
  73. Staicu, C., Torp, M.T., Schäfer, M., Møller, A., & Pradel, M. (2020). Extracting Taint Specifications for JavaScript Libraries. 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE), 198-209.
  74. DeepTective
  75. Shahriar, H., & Haddad, H.M. (2016). Object injection vulnerability discovery based on latent semantic indexing. Proceedings of the 31st Annual ACM Symposium on Applied Computing.
  76. Kassar, F.A., Clerici, G., Compagna, L., Balzarotti, D., & Yamaguchi, F. (2022). Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications. Proceedings 2022 Network and Distributed System Security Symposium.
  77. Wi, S., Woo, S., Whang, J.J., & Son, S. (2022). HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property Graphs. Proceedings of the ACM Web Conference 2022.
  78. Schuckert Felix, Basel Katt, and Hanno Langweg. "Difficult XSS Code Patterns for Static Code Analysis Tools." Computer Security. Springer, Cham, 2019. 123-139.
  79. Schuckert Felix, Basel Katt, and Hanno Langweg. "Difficult SQLi Code Patterns for Static Code Analysis Tools." Norsk IKT-konferanse for forskning og utdanning. No. 3. 2020.
  80. Ping, C. (2017). A second-order SQL injection detection method. 2017 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), 1792-1796.
  81. Luo, C., Li, P., & Meng, W. (2022). TChecker: Precise Static Inter-Procedural Analysis for Detecting Taint-Style Vulnerabilities in PHP Applications. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.
  82. FICS

PHP research timeline

  • 2004

    • Huang, Yao-Wen et al. “Securing web application code by static analysis and runtime protection.” WWW '04 (2004).
    • Huang, Yao-Wen et al. “Verifying Web applications using bounded model checking.” International Conference on Dependable Systems and Networks, 2004 (2004): 199-208.
  • 2005

    • Xie, Y. and A. Aiken. “Static Detection of Security Vulnerabilities in Scripting Languages.” USENIX Security Symposium (2006).
    • Minamide, Yasuhiko. “Static approximation of dynamically generated Web pages.” WWW '05 (2005).
    • Jovanovic, N. et al. “Pixy: a static analysis tool for detecting Web application vulnerabilities.” 2006 IEEE Symposium on Security and Privacy (S&P'06) (2006): 6 pp.-263.
    • Nguyen-Tuong, Anh et al. “Automatically Hardening Web Applications Using Precise Tainting.” SEC (2005).
  • 2007

    • Wassermann, Gary and Z. Su. “Sound and precise analysis of web applications for injection vulnerabilities.” PLDI '07 (2007).
    • Balzarotti, D. et al. “Multi-module vulnerability analysis of web-based applications.” CCS '07 (2007).
  • 2008

    • Wassermann, Gary and Z. Su. “Static detection of cross-site scripting vulnerabilities.” 2008 ACM/IEEE 30th International Conference on Software Engineering (2008): 171-180.
    • Balzarotti, D. et al. “Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications.” 2008 IEEE Symposium on Security and Privacy (sp 2008) (2008): 387-401.
  • 2009

    • Yu, Fang et al. “Generating Vulnerability Signatures for String Manipulating Programs Using Automata-Based Forward and Backward Symbolic Analyses.” 2009 IEEE/ACM International Conference on Automated Software Engineering (2009): 605-609.
  • 2010

    • Yu, Fang et al. “Stranger: An Automata-Based String Analysis Tool for PHP.” TACAS (2010).
    • Jovanovic, N. et al. “Static analysis for detecting taint-style vulnerabilities in web applications.” J. Comput. Secur. 18 (2010): 861-907.
    • S. Artzi, A. Kiezun, J. Dolby, F. Tip, D. Dig, A. Paradkar, and M. D. Ernst. Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit-State Model Checking. IEEE Trans. Softw. Eng., 36(4), 2010.
  • 2011

    • Shar, L.K., & Tan, H.B. (2012). Automated removal of cross site scripting vulnerabilities in web applications. Inf. Softw. Technol., 54, 467-478.
  • 2014

    • Dahse, J. and T. Holz. “Simulation of Built-in PHP Features for Precise Static Code Analysis.” NDSS (2014).
    • Hauzar, David and J. Kofron. “WeVerca: Web Applications Verification for PHP.” SEFM (2014).
    • Dahse, J. et al. “Code Reuse Attacks in PHP: Automated POP Chain Generation.” Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014): n. pag.
  • 2015

    • Dahse, Johannes and Thorsten Holz. “Static Detection of Second-Order Vulnerabilities in Web Applications.” USENIX Security Symposium (2014).
    • Olivo, Oswaldo et al. “Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications.” CCS '15 (2015).
    • Nunes, P. et al. “phpSAFE: A Security Analysis Tool for OOP Web Application Plugins.” 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (2015): 299-306.
    • Shar, Lwin Khin, Lionel Claude Briand and Hee Beng Kuan Tan. “Web Application Vulnerability Prediction Using Hybrid Program Analysis and Machine Learning.” IEEE Transactions on Dependable and Secure Computing 12 (2015): 688-707.
  • 2016

    • Yu, Fang et al. “Optimal sanitization synthesis for web application vulnerability repair.” ISSTA 2016 (2016).
    • Medeiros, Ibéria et al. “DEKANT: a static analysis tool that learns to detect web application vulnerabilities.” ISSTA 2016 (2016).
    • Alhuzali, Abeer et al. “Chainsaw: Chained Automated Workflow-based Exploit Generation.” Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (2016): n. pag.
    • Medeiros, I., Neves, N.F., & Correia, M.P. (2016). Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining. IEEE Transactions on Reliability, 65, 54-69.
  • 2017

    • Backes, M., Rieck, K., Skoruppa, M., Stock, B., & Yamaguchi, F. (2017). Efficient and Flexible Discovery of PHP Application Vulnerabilities. 2017 IEEE European Symposium on Security and Privacy (EuroS&P), 334-349.

    • Pellegrino, Giancarlo et al. “Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.” Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017): n. pag.

  • 2018

    • Alhuzali, Abeer et al. “NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications.” USENIX Security Symposium (2018)
  • 2020

    • Lee, Taek-Jin et al. “FUSE: Finding File Upload Bugs via Penetration Testing.” NDSS (2020).
  • 2021

    • Eriksson, B. et al. “Black Widow: Blackbox Data-driven Web Scanning.” (2021).
    • Li, Penghui. “On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution.” (2021).
    • Huang, J., Zhang, J., Liu, J., Li, C., & Dai, R. (2021). UFuzzer: Lightweight Detection of PHP-Based Unrestricted File Upload Vulnerabilities Via Static-Fuzzing Co-Analysis. 24th International Symposium on Research in Attacks, Intrusions and Defenses.
  • 2022

    • Park, Sunnyeo and Suman Sekhar Jana. “FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities.” (2021).
    • Luo, C., Li, P., & Meng, W. (2022). TChecker: Precise Static Inter-Procedural Analysis for Detecting Taint-Style Vulnerabilities in PHP Applications. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.
    • Kassar, F.A., Clerici, G., Compagna, L., Balzarotti, D., & Yamaguchi, F. (2022). Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications. Proceedings 2022 Network and Distributed System Security Symposium.

JS research timeline

  • 2009

    • Guarnieri, Salvatore and Benjamin Livshits. “GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code.” USENIX Security Symposium (2009).
  • 2013

    • Lekies, S., Stock, B., & Johns, M. (2013). 25 million flows later: large-scale detection of DOM-based XSS. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security.
    • Ramalingam, Dillibabu. “A Tool for Finding Bugs in Web Applications.” (2013).
  • 2014

    • Stock, B., Lekies, S., Mueller, T., Spiegel, P., & Johns, M. (2014). Precise Client-side Protection against DOM-based Cross-Site Scripting. USENIX Security Symposium.
  • 2015

    • Parameshwaran, I., Budianto, E., Shinde, S., Dang, H., Sadhu, A., & Saxena, P. (2015). Auto-patching DOM-based XSS at scale. Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering.
    • Parameshwaran, I., Budianto, E., Shinde, S., Dang, H., Sadhu, A., & Saxena, P. (2015). DexterJS: robust testing platform for DOM-based XSS vulnerabilities. Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering.
  • 2017

    • Sun, Kwangwon and Sukyoung Ryu. “Analysis of JavaScript Programs.” ACM Computing Surveys (CSUR) 50 (2017): 1 - 34.
  • 2018

    • Lauinger, T., Chaabane, A., Arshad, S., Robertson, W.K., Wilson, C., & Kirda, E. (2017). Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. ArXiv, abs/1811.00918.
    • Staicu, C., Pradel, M., & Livshits, B. (2018). SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS. NDSS.
  • 2019

    • Zimmermann, M., Staicu, C., Tenny, C., & Pradel, M. (2019). Small World with High Risks: A Study of Security Threats in the npm Ecosystem. USENIX Security Symposium.
  • 2020

    • Chinthanet, B., Ponta, S.E., Plate, H., Sabetta, A., Kula, R., Ishio, T., & Matsumoto, K. (2020). Code-Based Vulnerability Detection in Node.js Applications: How far are we? 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), 1199-1203.
  • 2021

    • Xiao, F., Huang, J., Xiong, Y., Yang, G., Hu, H., Gu, G., & Lee, W. (2021). Abusing Hidden Properties to Attack the Node.js Ecosystem.
    • Staicu, Cristian-Alexandru et al. “Extracting Taint Specifications for JavaScript Libraries.” 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE) (2020): 198-209.
    • Park, Sunnyeo and Suman Sekhar Jana. “FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities.” (2021).
  • 2022

    • Wi, S., Woo, S., Whang, J.J., & Son, S. (2022). HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property Graphs. Proceedings of the ACM Web Conference 2022.

Java taint analysis

  • 2009
    • Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., & Weisman, O. (2009). TAJ: effective taint analysis of web applications. PLDI '09.
  • 2011
    • Sridharan, Manu et al. “F4F: taint analysis of framework-based web applications.” OOPSLA '11 (2011).

Python

  • Lagouvardos, Sifis et al. “Static Analysis of Shape in TensorFlow Programs.” ECOOP (2020).

Code Mining

  • Hong, C. (2009). Survey on applications of software source code mining. Journal of Computer Applications.
  • Zhao-hui, Liang and Moems Key. “Survey on Data Processing in Code Mining.” Journal of Chinese Computer Systems (2010): n. pag.
  • Dyer, R., Rajan, H., & Nguyen, T.N. (2013). Declarative visitors to ease fine-grained source code mining with full history on billions of AST nodes. GPCE.

Program analysis techniques

Flaw detection based on query languages and graphs

1994

2005

Black-box Web Application Scanner

  • Doupé, Adam et al. “Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner.” USENIX Security Symposium (2012).
  • Amankwah, Richard et al. “An empirical comparison of commercial and open‐source web vulnerability scanners.” Software: Practice and Experience 50 (2020): 1842 - 1857.
  • Eriksson, B. et al. “Black Widow: Blackbox Data-driven Web Scanning.” 2021 IEEE Symposium on Security and Privacy (SP) (2021): 1125-1142.
  • Pellegrino, G., Tschürtz, C., Bodden, E., & Rossow, C. (2015). jÄk: Using Dynamic Analysis to Crawl and Test Modern Web Applications. RAID.

Vul: CSRF

Vul: Code Reuse(Deserialization)

PHP

  • Shahriar, H., & Haddad, H.M. (2016). Object injection vulnerability discovery based on latent semantic indexing. Proceedings of the 31st Annual ACM Symposium on Applied Computing.
  • Koutroumpouchos, Nikolaos, Georgios Lavdanis, Eleni Veroni, Christoforos Ntantogian and Christos Xenakis. “ObjectMap: detecting insecure object deserialization.” Proceedings of the 23rd Pan-Hellenic Conference on Informatics (2019): n. pag.

JAVA

  • Rasheed, Shawn and Jens Dietrich. “A Hybrid Analysis to Detect Java Serialisation Vulnerabilities.” 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2020): 1209-1213.

.NET

  • Shcherbakov, Mikhail and Musard Balliu. “SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web.” NDSS (2021).
