Ari Kesäniemi (NIXU). Contact <email@example.com> for more information.
The purpose of the analyzer is to find vulnerabilities in dynamic web code. A typical target is DOM-based XSS vulnerabilities in jQuery code, but the analysis must not be limited to this combination (e.g. other libraries and the HTML5 APIs should be considered).
The main focus of the tool is to identify a certain set of function calls in the source and to perform data flow analysis on them to identify use of tainted data, taking into account e.g. callback functions, parameter passing and other non-trivial constructs.
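The following added example (not code from Nixu or from the project) sketches the data flow analysis described above: it follows taint from a source through parameter passing and a callback into a sink call. The mini-IR, the source and sink lists, and all function names are assumptions made for illustration; a real analyzer would build this from parsed JavaScript.

```javascript
// Constructed taint sources and sinks; a real rule set would be much larger.
const SOURCES = new Set(['location.hash', 'document.referrer']);
const SINKS = new Set(['$.html', 'document.write', 'eval']);
const CLEAN = { taint: null, fn: null };

// Abstract value of an expression: which source tainted it, or which function it names.
function evalExpr(e, env) {
  if ('src' in e) return { taint: SOURCES.has(e.src) ? e.src : null, fn: null };
  if ('ref' in e) return env[e.ref] || CLEAN;
  if ('fn' in e) return { taint: null, fn: e.fn };
  if ('cat' in e) { // string concatenation is tainted if any operand is
    const hit = e.cat.map(p => evalExpr(p, env)).find(v => v.taint);
    return hit ? { taint: hit.taint, fn: null } : CLEAN;
  }
  return CLEAN; // literal
}

// Walk the program from `entry`, binding arguments to parameters at every call.
function analyze(prog, entry = 'main') {
  const findings = [];
  function run(name, args, depth) {
    const f = prog[name];
    if (!f || depth > 20) return; // unknown callee or runaway recursion
    const env = {};
    f.params.forEach((p, i) => { env[p] = args[i] || CLEAN; });
    for (const s of f.body) {
      if (s.op === 'assign') { env[s.dst] = evalExpr(s.val, env); continue; }
      const vals = s.args.map(a => evalExpr(a, env));
      if (SINKS.has(s.callee)) {
        for (const v of vals) if (v.taint) findings.push({ sink: s.callee, source: v.taint, where: name });
      } else {
        // The callee is a declared function or a variable holding a callback.
        run(prog[s.callee] ? s.callee : (env[s.callee] || CLEAN).fn, vals, depth + 1);
      }
    }
  }
  run(entry, [], 0);
  return findings;
}

// Constructed input, standing for: function render(msg) { $('#out').html(msg); }
//   function withHash(cb) { cb('You are at ' + location.hash); }
//   render('hello'); withHash(render);
const SAMPLE = {
  render: { params: ['msg'], body: [{ op: 'call', callee: '$.html', args: [{ ref: 'msg' }] }] },
  withHash: { params: ['cb'], body: [{ op: 'call', callee: 'cb',
    args: [{ cat: [{ lit: 'You are at ' }, { src: 'location.hash' }] }] }] },
  main: { params: [], body: [{ op: 'call', callee: 'render', args: [{ lit: 'hello' }] },
    { op: 'call', callee: 'withHash', args: [{ fn: 'render' }] }] },
};
```

Because each call is analyzed with its own argument bindings, `render('hello')` produces no finding, while the same function reached through the callback with `location.hash` is reported.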
Will be decided upon project start.
The team is expected to have the following skills:
The team will get the necessary induction on Web 2.0 security issues from Nixu.
The project will be carried out under the department's general license agreement.