Affogato
Affogato is a dynamic taint analysis engine for Node.js.
Affogato
Affogato
Affogato is a dynamic taint analysis engine for Node.js.
Project Overview
Node.js is a JavaScript runtime environment that is popular for creating web applications. A typical Node.js application can be anything from a simple website to a large microservice-style application deployed to the cloud.
How it works
We build tools to detect security vulnerabilities in cutting-edge Node.js web applications. We analyse these applications at runtime (i.e., dynamic analysis) to detect and prevent bugs that could lead to security vulnerabilities, such as denial-of-service attacks, or confidential information being stolen from a database.
Our challenges
The fast-evolving nature of the language and its environment make Node.js applications a challenging target for any program analysis. As part of our research, we aim to create analyses that are easy to use, precise, and fast enough to be deployed in production.
As part of our project, we collaborate with the Graal team to explore efficient dynamic analysis techniques applied to dynamic languages.
Industrial researcher with 10+ years leading research projects in program analysis and cybersecurity. Currently leading the Possum Pie project with an aim to check, tighten and ultimately infer security policies for cloud-native applications.
I am passionate about leading highly technical R&D projects and developing industrial tooling to automatically reason about code and detect vulnerabilities before they reach customers. Throughout my career, I have developed and patented static, dynamic, runtime and fuzzing analyses. I have also led explorations PDF and MS Office malware detection.