Dynamic Analysis of Node.js Applications

OVERVIEW

  • Node.js is a JavaScript runtime environment that is popular for creating web applications. A typical Node.js application can be anything from a simple website to a large microservice-style application deployed to the cloud.

    How it works

    We build tools to detect security vulnerabilities in cutting-edge Node.js web applications. We analyse these applications at runtime (i.e., dynamic analysis) to detect and prevent bugs that may lead to security vulnerabilities, such as denial-of-service attacks or confidential information being stolen from a database.

    Our challenges

    The fast-evolving nature of the language and its environment make Node.js applications a challenging target for any program analysis. As part of our research, we aim to create analyses that are easy to use, precise, and fast enough to be deployed in production.

    As part of our project, we collaborate with the Graal team to explore efficient dynamic analysis techniques applied to dynamic languages.