Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs

ACM SIGPLAN via YouTube

Overview

Explore an approach to static vulnerability analysis for JavaScript in this 20-minute conference talk from PLDI 2024. The talk introduces the Multiversion Dependency Graph (MDG), a novel graph-based data structure designed to capture how object state evolves during program execution. Learn how this technique improves on existing Code Property Graph (CPG) methods by balancing scalability and effectiveness in identifying vulnerability patterns. Discover the implementation of Graph.js, a specialized MDG-based static vulnerability scanner for npm packages, and its superior performance in detecting taint-style and prototype pollution vulnerabilities. Gain insights into how this approach significantly reduces false negatives and analysis time compared to current state-of-the-art tools, and into its potential for identifying previously undiscovered vulnerabilities in npm packages.

Syllabus

[PLDI24] Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs

Taught by

ACM SIGPLAN
