Type of Submission

Poster

Keywords

Cryptography, JavaScript, Vulnerability Analysis, Security Vulnerabilities, Code Scanning, Codebase, Query Language, Security Checks, Automate, GitHub

Proposal

Cryptography is an important tool in the security of our software systems. However, mistakes are often made by developers who do not implement cryptography correctly in their projects. As JavaScript becomes more popular as a language for full-stack development, vulnerabilities in JavaScript due to misuses of the cryptographic APIs and incorrect practices have increased as well. Our project focuses on developing CodeQL queries to find vulnerabilities in JavaScript code due to misuses of cryptography. We are designing and implementing several queries that find some of these misuses and will submit them to GitHub for review with the hope of having them accepted as official queries included on the public repo. This will allow developers all over the world to improve the security of their codebases by automatically scanning them with CodeQL, and therefore with our queries.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Publication Date

2023

Share

COinS
 

ACCIDENT with CodeQL

Cryptography is an important tool in the security of our software systems. However, mistakes are often made by developers who do not implement cryptography correctly in their projects. As JavaScript becomes more popular as a language for full-stack development, vulnerabilities in JavaScript due to misuses of the cryptographic APIs and incorrect practices have increased as well. Our project focuses on developing CodeQL queries to find vulnerabilities in JavaScript code due to misuses of cryptography. We are designing and implementing several queries that find some of these misuses and will submit them to GitHub for review with the hope of having them accepted as official queries included on the public repo. This will allow developers all over the world to improve the security of their codebases by automatically scanning them with CodeQL, and therefore with our queries.

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.