JSPrime: A Light-Weight Source Code Scanner
Introduction
Today, many developers have moved to JavaScript because of its simplicity, flexibility and user-friendliness. Recent major advances in the performance of JavaScript interpreters have eliminated the throughput and scalability issues for many organizations. Because of these features, JavaScript is considered a powerful and very much living language. Through Node.JS it grew from client-side web application code to the server side. JavaScript is also used for writing applications for the upcoming Firefox OS and for many mobile operating systems, such as Windows 8 apps.
But there is a problem, one that may lead to client-side attacks. So we first have to understand the reason for this issue and figure out what can be done to overcome it. Are there any tools that can solve these real-world problems? JSPrime is one of the tools that can be used to solve the problem.
Definition of JSPrime:
JSPrime is a light-weight source code scanner written in JavaScript that uses static analysis to identify security issues. It uses the open-source ECMAScript parser Esprima (Esprima.org).
Features of JSPrime:
- It can easily trace variables and functions.
- Its analysis is variable and function scope aware.
- It is prototype and OOP compliant.
- It produces very few false-positive alerts.
- It supports JavaScript.
- It is a light-weight code scanner.
Upcoming features are:
- Automatic code decompression and de-obfuscation using hybrid analysis.
- Support for the ECMAScript family.
JSPrime can do the following:
- Follow code execution order
- Handle first-class functions
- Analyze prototype-based inheritance
- Understand type-casting
- Understand context-based filter functions
- Recognize library-aware sources and sinks
- Provide variable, object and function scope aware analysis
- Provide data-flow and control-flow analysis
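The source-to-sink tracing listed above, reduced to a toy, as an added example that is not JSPrime's code and not from the original post: it walks a hand-built AST in the ESTree shape that Esprima emits, marks variables that receive data from a source, and reports tainted values that reach a sink. The source, sink and filter lists, the `line` field and the `escapeHtml` filter are assumptions for illustration.

```javascript
// Added example, not JSPrime's code. AST is hand-built in ESTree shape; `line` is a constructed field.
const id = (name) => ({ type: 'Identifier', name });
const lit = (value) => ({ type: 'Literal', value });
const mem = (object, prop) => ({ type: 'MemberExpression', object, property: id(prop) });
const call = (callee, ...args) => ({ type: 'CallExpression', callee, arguments: args });
const bin = (left, right) => ({ type: 'BinaryExpression', operator: '+', left, right });
const decl = (name, init, line) => ({ type: 'VariableDeclaration', line,
  declarations: [{ type: 'VariableDeclarator', id: id(name), init }] });
const assign = (left, right, line) => ({ type: 'ExpressionStatement', line,
  expression: { type: 'AssignmentExpression', operator: '=', left, right } });
// Constructed sample (out and ok are DOM elements; escapeHtml is a hypothetical filter):
//   1: var h = location.hash;
//   2: var msg = "Hello " + h;
//   3: var safe = escapeHtml(h);
//   4: out.innerHTML = msg;
//   5: ok.innerHTML = safe;
const program = { type: 'Program', body: [
  decl('h', mem(id('location'), 'hash'), 1),
  decl('msg', bin(lit('Hello '), id('h')), 2),
  decl('safe', call(id('escapeHtml'), id('h')), 3),
  assign(mem(id('out'), 'innerHTML'), id('msg'), 4),
  assign(mem(id('ok'), 'innerHTML'), id('safe'), 5)] };
const SOURCES = new Set(['location.hash', 'location.search', 'document.cookie']);
const SINKS = new Set(['innerHTML', 'outerHTML']);
const FILTERS = new Set(['escapeHtml']); // assumed to neutralise HTML metacharacters
const dotted = (n) => n.type === 'Identifier' ? n.name
  : n.type === 'MemberExpression' ? dotted(n.object) + '.' + n.property.name : '';

// True when the expression can carry data that originated at a source.
function tainted(n, vars) {
  if (n.type === 'Identifier') return vars.has(n.name);
  if (n.type === 'MemberExpression') return SOURCES.has(dotted(n)) || tainted(n.object, vars);
  if (n.type === 'BinaryExpression') return tainted(n.left, vars) || tainted(n.right, vars);
  if (n.type === 'CallExpression')
    return !FILTERS.has(dotted(n.callee)) && n.arguments.some((a) => tainted(a, vars));
  return false; // literals and anything not modelled here
}

// Walk statements in execution order, propagating taint through variables to sinks.
function scan(ast) {
  const vars = new Set(), findings = [];
  for (const s of ast.body) {
    const e = s.expression;
    if (s.type === 'VariableDeclaration') {
      for (const d of s.declarations) if (d.init && tainted(d.init, vars)) vars.add(d.id.name);
    } else if (e?.type === 'AssignmentExpression' && SINKS.has(e.left.property?.name)) {
      if (tainted(e.right, vars)) findings.push({ line: s.line, sink: e.left.property.name });
    }
  }
  return findings;
}
```

`scan(program)` reports only line 4: the value written on line 5 passed through the filter, so it is not flagged.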
Usage:
Client-side
First, open "index.html" in the browser.
Server-Side (Node.JS)
In the terminal, type "node server.js".