Code-based Vulnerability Detection in Node.js Applications: How far are we? (ASE 2020 - Industry Showcase)

Mon 21 - Fri 25 September 2020 Melbourne, Australia

Who

Bodin Chinthanet, Serena Elisa Ponta, Henrik Plate, Antonino Sabetta, Raula Gaikovina Kula, Takashi Ishio, Kenichi Matsumoto

Track

ASE 2020 Industry Showcase

Time Zone

The program is currently displayed in (UTC) Coordinated Universal Time.

Use conference time zone: (UTC) Coordinated Universal TimeSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 24 Sep 2020 09:30 - 09:50 at Kangaroo - Software Security and Trust (2) Chair(s): Raula Gaikovina Kula

Abstract

With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming applications. With recent work showing evidence that known vulnerabilities being prevalent in both an Open Source and industry, we propose and implement a viable code-based vulnerability detection tool in Node.js applications. Our case study lists the challenges when implementing this Node.js vulnerable code detector.

Bodin Chinthanet

Nara Institute of Science and Technology

Japan

Serena Elisa Ponta

SAP Security Research

Henrik Plate

SAP Security Research

Antonino Sabetta

SAP Security Research

France

Raula Gaikovina Kula

NAIST

Japan

Takashi Ishio

Nara Institute of Science and Technology

Japan

Kenichi Matsumoto

Nara Institute of Science and Technology

Time Zone

The program is currently displayed in (UTC) Coordinated Universal Time.

Use conference time zone: (UTC) Coordinated Universal TimeSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Thu 24 Sep
Displayed time zone: (UTC) Coordinated Universal Time change

09:10 - 10:10	Software Security and Trust (2)Tool Demonstrations / Research Papers / Industry Showcase at Kangaroo Chair(s): Raula Gaikovina Kula NAIST

09:10 20m Talk		Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts Research Papers Yinxing Xue , Mingliang Ma University of Science and Technology of China, Yun Lin National University of Singapore, Yulei Sui University of Technology Sydney, Australia, Jiaming Ye University of Science and Technology of China, Tianyong Peng University of Science and Technology of China
09:30 20m Talk		Code-based Vulnerability Detection in Node.js Applications: How far are we? Industry Showcase Bodin Chinthanet Nara Institute of Science and Technology, Serena Elisa Ponta SAP Security Research, Henrik Plate SAP Security Research, Antonino Sabetta SAP Security Research, Raula Gaikovina Kula NAIST, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology
09:50 10m Talk		SmartBugs: A Framework to Analyze Solidity Smart Contracts Tool Demonstrations João F. Ferreira INESC-ID and IST, University of Lisbon, Pedro Cruz IST, University of Lisbon, Portugal, Thomas Durieux KTH Royal Institute of Technology, Sweden, Rui Abreu Faculty of Engineering, University of Porto, Portugal DOI