The popularity of JavaScript has lead to a large ecosystem of third-party packages available
via the npm software package registry. The open nature of npm has boosted its growth …

JavaScript engines are an attractive target for attackers due to their popularity and flexibility
in building exploits. Current state-of-the-art fuzzers for finding JavaScript engine …

Prototype pollution is a dangerous vulnerability affecting prototype-based languages like
JavaScript and the Node. js platform. It refers to the ability of an attacker to inject properties …

Static bug detectors are becoming increasingly popular and are widely used by professional
software developers. While most work on bug detectors focuses on whether they find bugs at …

Despite the fact that most real-world software systems today are written in multiple
programming languages, existing program analysis based security techniques are still …

Node. js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …

The promise of software sandboxing is flexible, fast and portable isolation; capturing the
benefits of hardwarebased memory protection without requiring operating system …

Modern programs are increasingly multilanguage, to benefit from each programming
language's advantages and to reuse libraries. For example, developers may want to …

Static analysis is one of the most widely adopted techniques to find software bugs before
code is put in production. Designing and implementing effective and efficient static analyses …