ECOOP 2018
Sun 15 - Sat 21 July 2018 Amsterdam, Netherlands
co-located with ECOOP and ISSTA 2018
Fri 20 Jul 2018 15:00 - 15:15 at Hamburg - Bug Finding

Node.js took JavaScript from the browser to server-side web applications, and injection vulnerabilities are now commonly reported in Node.js modules. However, existing taint analysis approaches for JavaScript are brittle, require extensive manual modelling, and fail to analyse simple Node.js applications. For this reason, we developed AFFOGATO, a robust and practical grey-box taint analysis tool that uses black-box reasoning to overcome the need for manual modellingwhile using white-box program analysis to reason about critical program operations. We evaluate AFFOGATO on a suite of Node.js modules and show how it can detect all publicly disclosed injection vulnerabilities with an acceptable overhead, outperforming the existing state-of-the-art tool for Node.js.

slides (Affogato.pdf)910KiB

Fri 20 Jul
Times are displayed in time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

14:00 - 15:30: SOAP - Bug Finding at Hamburg
SOAP-2018-papers14:00 - 14:50
Michael PradelTU Darmstadt
Pre-print File Attached
SOAP-2018-papers15:00 - 15:15
François GauthierOracle Labs, Behnaz HassanshahiOracle Labs, Australia, Alexander JordanOracle Labs, Australia
Link to publication DOI File Attached
SOAP-2018-papers15:15 - 15:30
Andreas SchulerUniversity of Applied Sciences Upper Austria, Gabriele Anderst-KotsisJohannes Kepler University, Linz, Austria
File Attached