
I am completely new to this field and am a college student. I am looking for a static code analysis tool that scans the source code of a web app (NOT the URL) for security vulnerabilities. So far I have not found a tool that scans the code; every tool only asks me to paste the URL, which is not what I am looking for. Could you please suggest an "OPEN SOURCE" tool that scans web apps developed using "JavaScript"? Please, guys!!!

user33009

1 Answer


You've mentioned that your app is written in JavaScript, and I assume you are talking about JavaScript that runs in the browser, not in a Node.js server. That leaves me unsure about whether your app has any server-side code (e.g. Java Servlets, PHP, ASP.NET, Ruby, etc.).

If you don't have any server-side code then your app is quite low risk: there is very little an attacker could get from attacking it. There won't be any database, so there won't be a risk of SQL injection. Can you elaborate on what you are trying to protect? For example, is there any sensitive information handled by the app?

This open source scanner looks for DOM-based cross-site scripting, but I'm not sure how easy it would be to set up. You can also search Google for "xss detection plugin" to find other browser plugins that scan web apps.

If your app has server-side code then leave a comment to say what language it is so I can suggest a scanner for it.

EDIT: If I understand you correctly, you need to create a web app where users can upload the source for their app, and your web app will tell the users what vulnerabilities are in their app. The uploaded app to be tested might contain JavaScript. Have a look at this library; it might help you to scan JavaScript for security vulnerabilities.

davidwebster48
  • This is what my professor asked me to develop: "Develop a web-based app to scan a web app. This will find security vulnerabilities in the code and visualize it nicely. The user will have the option to remove false alarms and use his own rules. Feel free to use any open source." I am not developing an app with JavaScript!! My prof insisted that my scanning app should scan apps that are written in JavaScript. I am looking for a tool not to test my app but to modify it and use it as my scanner. – user33009 Nov 09 '13 at 10:00
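To make the answer's suggestion concrete (scanning JavaScript source for DOM-based XSS, with user-defined rules and a way to silence false alarms, as the comment asks for), here is an added example of the core of such a scanner. It is not code from the original answer or from any library mentioned there. It is deliberately simple: it works line by line with regular expressions rather than a real parser, tracks taint through straightforward `const x = location.search...` assignments only, and knows nothing about sanitisers or multi-line statements, so it reports "low" confidence when a sink is fed by something it cannot trace. The rule names, the `// scanner-ignore` marker and the sample source are all assumptions made up for this example.

```javascript
"use strict";
// Added example (not from the original answer): a minimal, line-oriented
// static scanner for DOM-based XSS patterns in JavaScript source text.
// Limitations: no real parser, so aliasing, sanitisers and statements that
// span several lines are not understood. Assumed names throughout.

// Taint sources: values a page can read that an attacker controls.
const TAINT_SOURCES = [
  /\blocation\.(hash|search|href|pathname)\b/,
  /\bdocument\.(URL|documentURI|referrer|cookie)\b/,
  /\bwindow\.name\b/,
];

// Default sink rules. A rule fires when its regex matches a line; the finding
// is "high" confidence if a taint source (or a variable derived from one)
// appears on that line, otherwise "low".
const DEFAULT_RULES = [
  { id: "dom-xss-html-sink", sink: /\.(innerHTML|outerHTML)\s*\+?=(?!=)/ },
  { id: "dom-xss-document-write", sink: /\bdocument\.write(ln)?\s*\(/ },
  { id: "code-injection-eval", sink: /\beval\s*\(/ },
  { id: "code-injection-timer-string", sink: /\b(setTimeout|setInterval)\s*\(\s*["'`]/ },
];

// Example of a user-supplied rule (assumed): jQuery's .html() is an HTML sink too.
const CUSTOM_RULE = { id: "custom-jquery-html", sink: /\.html\s*\(/ };

// `const q = location.search` style assignments; captures name and right-hand side.
const ASSIGNMENT = /^\s*(?:(?:const|let|var)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/;
// Marker a user adds to a line to suppress a finding they consider a false alarm.
const IGNORE_MARKER = /\/\/\s*scanner-ignore\b/;

function isTainted(text, taintedVars) {
  if (TAINT_SOURCES.some((re) => re.test(text))) return true;
  return [...taintedVars].some((v) => new RegExp(`\\b${v}\\b`).test(text));
}

// Scan source text and return findings: { rule, line, confidence, text }.
function scanSource(source, rules = DEFAULT_RULES) {
  const findings = [];
  const taintedVars = new Set();
  source.split("\n").forEach((line, idx) => {
    // Flow-insensitive taint propagation: a variable assigned from a tainted
    // expression becomes tainted for every later line.
    const m = ASSIGNMENT.exec(line);
    if (m && isTainted(m[2], taintedVars)) taintedVars.add(m[1]);
    if (IGNORE_MARKER.test(line)) return;
    for (const rule of rules) {
      if (!rule.sink.test(line)) continue;
      findings.push({
        rule: rule.id,
        line: idx + 1,
        confidence: isTainted(line, taintedVars) ? "high" : "low",
        text: line.trim(),
      });
    }
  });
  return findings;
}

// Constructed sample input (not a real application) exercising each case.
const SAMPLE = [
  "const q = location.search.slice(1);",                 // 1: taints q
  "document.getElementById('out').innerHTML = q;",       // 2: high (via q)
  "document.write('<p>' + location.hash + '</p>');",     // 3: high
  "eval(window.name);",                                  // 4: high
  "el.innerHTML = '<b>static</b>'; // scanner-ignore",   // 5: suppressed
  "if (a.innerHTML == 'x') {}",                          // 6: comparison, not a sink
  "setTimeout('doIt(' + document.cookie + ')', 10);",    // 7: high
  "box.innerHTML = renderTemplate(data);",               // 8: low (untraced input)
  "$('#out').html(q);",                                  // 9: only with CUSTOM_RULE
].join("\n");

if (typeof require !== "undefined" && require.main === module) {
  console.table(scanSource(SAMPLE, [...DEFAULT_RULES, CUSTOM_RULE]));
}
```

Running the file prints one row per finding with its line number and confidence; a real tool would replace the regex matching with an AST walk (so that `x.innerHTML = y` is recognised regardless of formatting) and would let the user's own rules and suppressions be stored rather than hard-coded.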