DAPP: automatic detection and analysis of prototype pollution vulnerability in Node.js modules

Kim, Hee Yeon; Kim, Ji Hoon; Oh, Ho Kyun; Lee, Beom Jin; Mun, Si Woo; Shin, Jung H.; Kim, Kyounggon

doi:10.1007/s10207-020-00537-0

Cited by 25 publications

(9 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors of [93] also apply dynamic analysis and symbolic execution to detect attacks that leverage hidden properties in client-and server-side JavaScript. There are also academic works that employ static analysis techniques for detecting vulnerabilities in Node.js, but most focus on detecting prototype pollution vulnerabilities [94,95]. ODGen [15] is the only purely static code analysis tool developed by the academia that aims to detect several types of vulnerabilities in Node.js.…”

Section: Related Workmentioning

confidence: 99%

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

Brito¹,

Ferreira²,

Monteiro³

et al. 2023

Preprint

View full text Add to dashboard Cite

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for detecting vulnerabilities in Node.js code. To conduct a comprehensive tool evaluation, we created the largest known curated dataset of Node.js code vulnerabilities. We characterized and annotated a set of 957 vulnerabilities by analyzing information contained in npm advisory reports. We tested nine different tools and found that many important vulnerabilities appearing in the OWASP Top-10 are not detected by any tool. The three best performing tools combined only detect up to 57.6% of all vulnerabilities in the dataset, but at a very low precision of 0.11%. Our curated dataset offers a new benchmark to help characterize existing Node.js code vulnerabilities and foster the development of better vulnerability detection tools for Node.js code.

show abstract

Section: Related Workmentioning

confidence: 99%

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

Brito¹,

Ferreira²,

Monteiro³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Docker has seized 83 percent of the containerization industry, which is expected to generate $2.7 billion in sales by 2020. In 2018, the Data log estimated that around a quarter of their clients had already used Docker [41].…”

Section: G Dockermentioning

confidence: 99%

A Smart Contract Approach in Pakistan Using Blockchain for Land Management

Zaman

Idrees

Ashraf

et al. 2022

IJIST

View full text Add to dashboard Cite

Management of land records includes actions such as registration and transfer of property ownership. For many nations, land ownership and management are important sources of income. Corrupted spans from small-scale payments to large-scale cause an abuse for government. In the literature, a number of concerns have been raised about Land Record Management. There are several problems with Land Record Management in developing nations, such as tampering with land records and no methods of retrieving a full property ownership record, operating multiple linked Land Record Management Systems independently, etc. Traditional land record management solutions do not solve these challenges. We propose a Blockchain-based Land Record Management system for Pakistan to solve these concerns. It has been decided to use the suggested system, and the specifics of its implementation are described in this thesis.

show abstract

“…Due to the prevalence of online services offered by various organizations, websites have become a significant target for cyber-attacks [1]. As a result, extensive research has been conducted on attack methods and defenses against websites [2][3][4][5]. Attacks on websites can be classified into two categories: those targeting web server applications and those targeting website users.…”

Section: Introductionmentioning

confidence: 99%

Client-Based Web Attacks Detection Using Artificial Intelligence

Hong

Kim

et al. 2023

Preprint

Self Cite

View full text Add to dashboard Cite

The prevalence of client-based web attacks, which exploit web vulnerabil- ities, has been increasing with the growth of web sites. Although pattern detection has been widely used to protect against web attacks, it has a high probability of failing to detect new types of attacks. To address this issue, we propose a novel approach for responding to three typical client- based web attacks (JavaScript malware, phishing attacks, and script- based web attacks) using machine learning algorithms. Our approach involves extracting relevant features from source code and URLs, and then training and testing various machine learning models (including Random Forest, Deep Neural Network, and Convolutional Neural Net- work) to determine the final model. Our experimental results indicate that our Random Forest model achieved high accuracy rates, with 99.99% for JavaScript malware, 95.11% for phishing attacks, and 94.77% for script-based web attacks. Furthermore, we developed a Chrome extension that uses the learned models to block client-based web attacks.

show abstract

DAPP: automatic detection and analysis of prototype pollution vulnerability in Node.js modules

Cited by 25 publications

References 22 publications

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

A Smart Contract Approach in Pakistan Using Blockchain for Land Management

Client-Based Web Attacks Detection Using Artificial Intelligence

Contact Info

Product

Resources

About