Open AccessA Review on JavaScript Engine Vulnerability Mining
Author(s) -
Zeyan Kang
Publication year - 2021
Publication title -
journal of physics. conference series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/1744/4/042197
Subject(s) - unobtrusive javascript , javascript , rich internet application , computer science , world wide web , vulnerability (computing) , web application , computer security
With the increasing number of web applications on the Internet, the number of clients increases rapidly. Usually, the client will support the execution of JavaScript language. JavaScript engine has become the core part of modern browser to provide dynamic and interactive website. As of July 2018, about 94.9% of websites use JavaScript language [1]. It makes the browser’s JavaScript engine a hot target for attackers. However, due to the characteristics of JavaScript language and inconsistent browser implementation, the vulnerability of JavaScript execution engine has become a major hidden danger of browser security. In this paper, from the composition of JavaScript engine, the common vulnerability forms in the engine, to the existing mainstream engine vulnerability mining tools and methods from dynamic and static perspectives. This paper summarizes the development and existing problems of JavaScript vulnerability mining technology, focuses on the application of fuzzy testing technology in JavaScript vulnerability mining, and analysis the future development trend of JavaScript vulnerability detection combined with existing methods and technologies.