Paper accepted at top security conference NDSS'18

As JavaScript is getting more and more popular for server-side web applications, its security is a crucial concern. CYSEC researchers have studied over 230,000 JavaScript code modules and found that many of them are vulnerable to code injection attacks, which allow an attacker to take full control of the underlying machine. To prevent such attacks, the researchers developed a technique to not only detect injection vulnerabilities but to also fix them automatically.

A paper on this work will appear at NDSS'18, one of the top security conferences, which will take place February 18-21, 2018 in San Diego, California. The project is joint work with Ben Livshits from Microsoft Research/Imperial College London.

Understanding and Automatically Preventing Injection Attacks on Node.js

Cristian-Alexandru Staicu, Michael Pradel, Ben Livshits

Preliminary PDF (opens in new tab)