D. A. Sigalov, A. A. Khashaev, D. Yu. Gamayunov, “Detecting server-side endpoints in web applications based on static analysis of client-side JavaScript code”, Prikl. Diskr. Mat., 2021, no. 53, 32

Prikladnaya Diskretnaya Matematika

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive
	Impact factor

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Prikl. Diskr. Mat.:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Prikladnaya Diskretnaya Matematika, 2021, Number 53, Pages 32–54
DOI: https://doi.org/10.17223/20710410/53/3 (Mi pdm745)

Mathematical Backgrounds of Computer Security

Detecting server-side endpoints in web applications based on static analysis of client-side JavaScript code

D. A. Sigalov, A. A. Khashaev, D. Yu. Gamayunov

Lomonosov Moscow State University, Moscow, Russia

Full-text PDF (770 kB)

References:

PDF

HTML

DOI: https://doi.org/10.17223/20710410/53/3

Abstract: The problem of server-side endpoint detection in the context of blackbox security analysis of dynamic web applications is considered. We propose a method to increase coverage of server-side endpoint detection using static analysis of client-side JavaScript code to find functions which generate HTTP requests to the server-side of the application and reconstruct parameters for those functions. In the context of application security testing, static analysis allows to find such functions even in dead or unreachable JavaScript code, which cannot be achieved by dynamic crawling or dynamic code analysis. Evaluation of the proposed method and its implementation has been done using synthetic web application with endpoints vulnerable to SQL injections, and the same application was used to compare the proposed method with existing solutions. Evaluation results show that adding JavaScript static analysis to traditional dynamic crawling of web applications may significantly improve server-side endpoint coverage in blackbox application security analysis.

Keywords: web applications, static analysis, JavaScript.

Funding agency	Grant number
Ministry of Science and Higher Education of the Russian Federation	7/1251/2019

Bibliographic databases:

Document Type: Article

UDC: 004.056.53

Language: Russian

Citation: D. A. Sigalov, A. A. Khashaev, D. Yu. Gamayunov, “Detecting server-side endpoints in web applications based on static analysis of client-side JavaScript code”, Prikl. Diskr. Mat., 2021, no. 53, 32–54

Citation in format AMSBIB

\Bibitem{SigKhaGam21}

\by D.~A.~Sigalov, A.~A.~Khashaev, D.~Yu.~Gamayunov

\paper Detecting server-side endpoints in web applications based on static analysis of client-side JavaScript code

\jour Prikl. Diskr. Mat.

\yr 2021

\issue 53

\pages 32--54

\mathnet{http://mi.mathnet.ru/pdm745}

\crossref{https://doi.org/10.17223/20710410/53/3}

Linking options:

https://www.mathnet.ru/eng/pdm745

https://www.mathnet.ru/eng/pdm/y2021/i3/p32

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Что такое QR-код?

Registration to the website

Logotypes