Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages. (arXiv:2301.05097v1 [cs.CR])
cs.CR updates on arXiv.org
With the emergence of the Node.js ecosystem, JavaScript has become a
widely-used programming language for implementing server-side web applications.
In this paper, we present the first empirical study of static code analysis
tools for detecting vulnerabilities in Node.js code. To conduct a comprehensive
tool evaluation, we created the largest known curated dataset of Node.js code
vulnerabilities. We characterized and annotated a set of 957 vulnerabilities by
analyzing information contained in npm advisory reports. We tested nine
different tools and found …