A symbolic execution framework for JavaScript

Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, Dawn Song

Research output: Chapter in Book/Report/Conference proceedingConference contribution

261 Scopus citations

Abstract

As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly complex. However, few automated vulnerability analysis tools for JavaScript exist. In this paper, we describe the first system for exploring the execution space of JavaScript code using symbolic execution. To handle JavaScript code's complex use of string operations, we design a new language of string constraints and implement a solver for it. We build an automatic end-to-end tool, Kudzu, and apply it to the problem of finding client-side code injection vulnerabilities. In experiments on 18 live web applications, Kudzu automatically discovers 2 previously unknown vulnerabilities and 9 more that were previously found only with a manually-constructed test suite.

Original languageEnglish (US)
Title of host publication2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings
Pages513-528
Number of pages16
DOIs
StatePublished - 2010
Event31st IEEE Symposium on Security and Privacy, SP 2010 - Berkeley/Oakland, CA, United States
Duration: May 16 2010May 18 2010

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
ISSN (Print)1081-6011

Other

Other31st IEEE Symposium on Security and Privacy, SP 2010
CountryUnited States
CityBerkeley/Oakland, CA
Period5/16/105/18/10

Keywords

  • String decision procedures
  • Symbolic execution
  • Web security

Fingerprint Dive into the research topics of 'A symbolic execution framework for JavaScript'. Together they form a unique fingerprint.

Cite this