Publication Date: Spring 2023
Degree Type: Master's Project
Degree Name: Master of Science (MS)
Department: Computer Science
First Advisor: Thomas Austin
Second Advisor: Chris Pollett
Third Advisor: Ben Reed
Keywords: taint analysis, TypeScript
Abstract
With the widespread use of web applications across the globe, and the advancements in web technologies in recent years, these applications have grown more ubiquitous and sophisticated than ever before. Modern web applications face the constant threat of numerous web security risks, given their exposure on the internet and the massive influx of data from external sources. This paper presents a novel method for analyzing taint through type-checking and applies it to web applications in the context of preventing online security threats. The taint analysis technique is implemented in TypeScript using its built-in type-checking features, and then integrated into a web application developed using the React web framework. This web application is then validated against different types of injection attacks.
The results of the validation show that taint analysis is an effective means of preventing pervasive online attacks, such as eval injection, cross-site scripting (XSS), and SQL injection, in web applications. Because our proposed taint analysis technique can be implemented using the existing type-checking features of TypeScript, developers can quickly adopt it to add taint analysis to their applications with no runtime performance overhead. With the large number of web applications developed in TypeScript, widespread adoption of our technique can help prevent cyberattacks and protect the online community from potential harm. By combining taint analysis with other secure web practices, such as input validation, application developers can strengthen the overall security of their web applications.
Recommended Citation: Chadalawada, Abhijn, "Static Taint Analysis via Type-checking in TypeScript" (2023). Master's Projects. 1262.
DOI: https://doi.org/10.31979/etd.5rr8-hs29
URL: https://scholarworks.sjsu.edu/etd_projects/1262