Real-Time Detection of Multi-File DOM-Based XSS Vulnerabilities Using Static Analysis: A Developer-Oriented Approach for Securing Web Applications
Akira Kanaoka, Shu Hiura
2025
Abstract
This paper introduces a static analysis method for real-time detection of DOM-Based Cross-Site Scripting (XSS) vulnerabilities that occur across multiple files in web applications. As modular development in JavaScript becomes increasingly common, the risk of DOM-Based XSS vulnerabilities grows due to complex interactions between separate files. Existing detection methods often struggle to comprehensively identify these vulnerabilities. Our approach focuses on real-time detection during the development process by expanding static analysis to cover multiple files. We implemented this method as an extension for Visual Studio Code (VSCode), offering developers immediate feedback on potential security risks. In addition to proposing and evaluating our method, we also address the lack of suitable datasets for evaluation by creating a neutral and comprehensive dataset that includes multi-file DOM-Based XSS vulnerabilities. The evaluation shows that our method enhances the accuracy of DOM-Based XSS detection, contributing to improved security in web applications.
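As an added illustration of the multi-file flow the abstract describes (this is not the authors' analyser, extension, or dataset): a toy, regex-based check that records which exported functions read a DOM source in one module and then flags sinks in other modules that call them. The two sample modules and the source/sink lists are constructed for this example; a real static analysis would work on the AST rather than on regexes.

```javascript
// Toy cross-file taint check for DOM-based XSS (added example, not the paper's code).
// A per-file view sees only "innerHTML = getName()" and cannot tell that getName()
// returns location.hash, because that function lives in another file.
const SOURCES = [/\blocation\.(hash|search|href)\b/, /\bdocument\.(URL|referrer)\b/];
const SINKS = [/\.innerHTML\s*=/, /\.outerHTML\s*=/, /\bdocument\.write\s*\(/, /\beval\s*\(/];

// Pass 1: which exported functions contain a read of a DOM source?
function findTaintedExports(files) {
  const tainted = new Map(); // function name -> file that defines it
  for (const [name, src] of Object.entries(files)) {
    const re = /export\s+function\s+(\w+)\s*\([^)]*\)\s*\{([^}]*)\}/g;
    let m;
    while ((m = re.exec(src)) !== null) {
      if (SOURCES.some((s) => s.test(m[2]))) tainted.set(m[1], name);
    }
  }
  return tainted;
}

// Pass 2: in every file, flag a sink line whose value comes from a tainted import.
function findCrossFileFlows(files) {
  const tainted = findTaintedExports(files);
  const findings = [];
  for (const [name, src] of Object.entries(files)) {
    const imported = new Set();
    for (const m of src.matchAll(/import\s*\{([^}]*)\}\s*from/g)) {
      m[1].split(",").map((s) => s.trim()).filter(Boolean).forEach((s) => imported.add(s));
    }
    src.split("\n").forEach((line, i) => {
      if (!SINKS.some((s) => s.test(line))) return; // not a sink line
      for (const fn of imported) {
        if (tainted.has(fn) && new RegExp(`\\b${fn}\\s*\\(`).test(line)) {
          findings.push({ file: name, line: i + 1, via: fn, sourceFile: tainted.get(fn), sink: line.trim() });
        }
      }
    });
  }
  return findings;
}

// Constructed sample: the source is read in util.js, the dangerous sink is in page.js.
// Line 3 of page.js uses textContent (safe) and line 4 calls an untainted export,
// so only line 2 should be reported.
const SAMPLE = {
  "util.js": "export function getName() { return location.hash.slice(1); }\nexport function getYear() { return new Date().getFullYear(); }",
  "page.js": "import { getName, getYear } from './util.js';\ndocument.getElementById('out').innerHTML = getName();\ndocument.getElementById('name').textContent = getName();\ndocument.getElementById('y').innerHTML = getYear();",
};
```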
Paper Citation
in Harvard Style
Kanaoka A. and Hiura S. (2025). Real-Time Detection of Multi-File DOM-Based XSS Vulnerabilities Using Static Analysis: A Developer-Oriented Approach for Securing Web Applications. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 191-198. DOI: 10.5220/0013109300003899
in Bibtex Style
@conference{icissp25,
author={Akira Kanaoka and Shu Hiura},
title={Real-Time Detection of Multi-File DOM-Based XSS Vulnerabilities Using Static Analysis: A Developer-Oriented Approach for Securing Web Applications},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={191-198},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013109300003899},
isbn={978-989-758-735-1},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Real-Time Detection of Multi-File DOM-Based XSS Vulnerabilities Using Static Analysis: A Developer-Oriented Approach for Securing Web Applications
SN - 978-989-758-735-1
AU - Kanaoka A.
AU - Hiura S.
PY - 2025
SP - 191
EP - 198
DO - 10.5220/0013109300003899
PB - SciTePress