Pycg: Practical call graph generation in python
V Salis, T Sotiropoulos, P Louridas… - 2021 IEEE/ACM …, 2021 - ieeexplore.ieee.org
Call graphs play an important role in different contexts, such as profiling and vulnerability
propagation analysis. Generating call graphs in an efficient manner can be a challenging …
propagation analysis. Generating call graphs in an efficient manner can be a challenging …
Silent spring: Prototype pollution leads to remote code execution in Node. js
Prototype pollution is a dangerous vulnerability affecting prototype-based languages like
JavaScript and the Node. js platform. It refers to the ability of an attacker to inject properties …
JavaScript and the Node. js platform. It refers to the ability of an attacker to inject properties …
Analysis of JavaScript programs: Challenges and research trends
K Sun, S Ryu - ACM Computing Surveys (CSUR), 2017 - dl.acm.org
JavaScript has been a de facto standard language for client-side web programs, and now it
is expanding its territory to general purpose programs. In this article, we classify the client …
is expanding its territory to general purpose programs. In this article, we classify the client …
Modular call graph construction for security scanning of node. js applications
Most of the code in typical Node. js applications comes from third-party libraries that consist
of a large number of interdependent modules. Because of the dynamic features of …
of a large number of interdependent modules. Because of the dynamic features of …
Taintmini: Detecting flow of sensitive data in mini-programs with static taint analysis
Mini-programs, which are programs running inside mobile super apps such as WeChat,
often have access to privacy-sensitive information, such as location data and phone …
often have access to privacy-sensitive information, such as location data and phone …
Freezing the Web: a study of {ReDoS} vulnerabilities in {JavaScript-based} web servers
Regular expression denial of service (ReDoS) is a class of algorithmic complexity attacks
where matching a regular expression against an attacker-provided input takes unexpectedly …
where matching a regular expression against an attacker-provided input takes unexpectedly …
Detecting node. js prototype pollution vulnerabilities via object lookup analysis
Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …
Mining node. js vulnerabilities via object dependence graph and query
Node. js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …
also vulnerable packages. On one hand, prior works have proposed many program analysis …
[PDF][PDF] Understanding and automatically preventing injection attacks on Node. js
The NODE. JS ecosystem has lead to the creation of many modern applications, such as
server-side web applications and desktop applications. Unlike client-side JavaScript code …
server-side web applications and desktop applications. Unlike client-side JavaScript code …
Mininode: Reducing the attack surface of node. js applications
I Koishybayev, A Kapravelos - … on Research in Attacks, Intrusions and …, 2020 - usenix.org
JavaScript has gained traction as a programming language that qualifies for both the client-
side and the server-side logic of applications. A new ecosystem of server-side code written …
side and the server-side logic of applications. A new ecosystem of server-side code written …