Publication | Closed Access
A Symbolic Execution Framework for JavaScript
Citations: 450
References: 20
Year: 2010
Venue: Unknown
Topics: Engineering, Software Engineering, Source Code Analysis, Software Analysis, Formal Verification, Symbolic Computation, Client-side JavaScript Code, Vulnerability Assessment (Computing), Symbolic Execution Framework, JavaScript Code, Fuzzing, Dynamic Compilation, Computer Engineering, Computer Science, AJAX Applications, Security Testing Method, Software Security, Program Analysis, Automated Reasoning, Software Testing, Formal Methods, Symbolic Execution, System Software
AJAX applications are increasingly complex, yet few automated vulnerability analysis tools for client‑side JavaScript exist. The paper presents the first system for exploring the execution space of JavaScript code via symbolic execution. The authors design a new language of string constraints with an accompanying solver, build the end‑to‑end tool Kudzu, and apply it to detect client‑side code injection vulnerabilities. Experiments on 18 live web applications show Kudzu automatically discovers two previously unknown vulnerabilities and nine others that were only found with a manually constructed test suite.
As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly complex. However, few automated vulnerability analysis tools for JavaScript exist. In this paper, we describe the first system for exploring the execution space of JavaScript code using symbolic execution. To handle JavaScript code's complex use of string operations, we design a new language of string constraints and implement a solver for it. We build an automatic end-to-end tool, Kudzu, and apply it to the problem of finding client-side code injection vulnerabilities. In experiments on 18 live web applications, Kudzu automatically discovers 2 previously unknown vulnerabilities and 9 more that were previously found only with a manually-constructed test suite.
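The abstract describes the three pieces of the approach: run client-side code on symbolic inputs, collect string constraints along each path, and solve them to produce an input that reaches a code-injection sink. The block below is an added example, not code from the paper or from Kudzu, that shows the shape of that pipeline on a constructed DOM-injection bug: a handler that rejects raw `<` in the URL fragment but decodes the value only after the check. The `Sym` class, the tiny op set (`substring`, `decode`, `concat`, `contains`), the depth-first path explorer and the `invert` routine are simplified illustrations; in particular `invert` does not solve the recorded path constraints as a real string solver would, it only builds a candidate by undoing the operations on the sink value and then confirms it with a concrete run.

```javascript
// Added example, not code from the Kudzu paper: a toy symbolic execution of a
// client-side handler that finds a DOM-based code injection (run with Node).
// The handler, the tiny op set and the inversion "solver" are constructed
// simplifications; real tools use a full string-constraint solver.

class Sym {                       // a symbolic string: unknown input + ops applied to it
  constructor(ops = []) { this.ops = ops; }
}
const isSym = (v) => v instanceof Sym;

// String operations usable on both concrete strings and symbolic values. A branch
// on a symbolic value asks the oracle `decide` for its outcome and records it.
function makeOps(decide) {
  const path = [];
  const lift = (v, rec) => new Sym([...v.ops, rec]);
  return {
    path,
    substring: (v, start) => (isSym(v) ? lift(v, { op: 'substring', start }) : v.substring(start)),
    decode: (v) => (isSym(v) ? lift(v, { op: 'decode' }) : decodeURIComponent(v)),
    concat: (pre, v, post) => (isSym(v) ? lift(v, { op: 'concat', pre, post }) : pre + v + post),
    contains: (v, ch) => {
      if (!isSym(v)) return v.includes(ch);
      const outcome = decide(path.length);
      path.push({ value: v, ch, outcome });
      return outcome;
    },
  };
}

// Constructed vulnerable handler: strips '#', rejects raw '<', but decodes the
// name only AFTER that check, then writes it into the DOM.
function greet(hash, dom, S) {
  let name = S.substring(hash, 1);
  if (S.contains(name, '<')) name = '';                   // intended sanitiser
  name = S.decode(name);                                  // bug: decode after the check
  dom.innerHTML = S.concat('<b>Hello, ', name, '</b>');   // injection sink
}

// Same handler with the check applied to the decoded value.
function greetFixed(hash, dom, S) {
  let name = S.decode(S.substring(hash, 1));
  if (S.contains(name, '<')) name = '';
  dom.innerHTML = S.concat('<b>Hello, ', name, '</b>');
}

// Depth-first exploration of branch outcomes: each run follows a prefix of
// forced decisions and defaults to false afterwards; every defaulted decision
// gets its `true` sibling queued for a later run.
function explore(handler) {
  const results = [];
  const todo = [[]];
  while (todo.length) {
    const prefix = todo.pop();
    const S = makeOps((i) => (i < prefix.length ? prefix[i] : false));
    const dom = { innerHTML: null };
    handler(new Sym(), dom, S);
    for (let i = prefix.length; i < S.path.length; i++) {
      todo.push([...S.path.slice(0, i).map((c) => c.outcome), true]);
    }
    results.push({ path: S.path, sink: dom.innerHTML });
  }
  return results;
}

// Undo the recorded op chain so the variable part of the sink value equals
// `target`: constants added by concat do not constrain it, decode is undone by
// encoding, substring(k) is undone by prepending k filler characters.
function invert(sym, target) {
  let want = target;
  for (const rec of [...sym.ops].reverse()) {
    if (rec.op === 'decode') want = encodeURIComponent(want);
    else if (rec.op === 'substring') want = 'x'.repeat(rec.start) + want;
  }
  return want;
}

// For every path whose sink value is still symbolic, build a candidate input and
// confirm it concretely. The path constraints are not solved, only re-checked by
// the concrete run, which is why the fixed handler yields nothing.
function findInjection(handler, payload) {
  for (const { path, sink } of explore(handler)) {
    if (!isSym(sink)) continue;
    const input = invert(sink, payload);
    const dom = { innerHTML: null };
    handler(input, dom, makeOps(() => false));
    if (dom.innerHTML.includes(payload)) return { input, html: dom.innerHTML, path };
  }
  return null;
}

const PAYLOAD = '<img src=x onerror=alert(1)>';
console.log(findInjection(greet, PAYLOAD));       // candidate fragment and resulting HTML
console.log(findInjection(greetFixed, PAYLOAD));  // null: the check now covers the decoded value
```

For `greet` the explorer finds two paths; on the one where the `<` check passes, the sink is still symbolic and inverting `concat`, `decode`, `substring(1)` yields the fragment `x%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E`, which the concrete re-run confirms lands in `innerHTML` decoded. For `greetFixed` the same candidate trips the check, so no witness survives validation; a real solver would instead report the constraints `contains(decode(substring(x,1)), '<') = false` and `decode(substring(x,1)) ⊇ '<img ...'` as unsatisfiable without a concrete run.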