Litcius/Paper detail

Modular call graph construction for security scanning of Node.js applications

Benjamin Barslev Nielsen, Martin Toldam Torp, Anders Møller

202149 citationsDOIOpen Access PDF

Abstract

Most of the code in typical Node.js applications comes from third-party libraries that consist of a large number of interdependent modules. Because of the dynamic features of JavaScript, it is difficult to obtain detailed information about the module dependencies, which is vital for reasoning about the potential consequences of security vulnerabilities in libraries, and for many other software development tasks. The underlying challenge is how to construct precise call graphs that capture the connectivity between functions in the modules.

Topics & Concepts

Computer scienceModular designNode (physics)GraphProgramming languageTheoretical computer scienceEngineeringStructural engineeringAdvanced Malware Detection TechniquesWeb Application Security VulnerabilitiesNetwork Security and Intrusion Detection