How it works
We build tools to detect security vulnerabilities in cutting-edge Node.js web applications. We analyse these applications at runtime (i.e., dynamic analysis) to detect and prevent bugs that may lead to security vulnerabilities, such as denial-of-service attacks or confidential information being stolen from a database.
The fast-evolving nature of the language and its environment make Node.js applications a challenging target for any program analysis. As part of our research, we aim to create analyses that are easy to use, precise, and fast enough to be deployed in production.
As part of our project, we collaborate with the Graal team to explore efficient dynamic analysis techniques applied to dynamic languages.