Debun: Detecting Bundled JavaScript Libraries on Web using Property-Order Graphs (ASE 2025 - Research Papers) - ASE 2025

Sun 16 - Thu 20 November 2025 Seoul, South Korea

Who

Seojin Kim, Sungmin Park, Jihyeok Park

Track

ASE 2025 Research Papers

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT+09:00) Seoul.

Use conference time zone: (GMT+09:00) SeoulSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Wed 19 Nov 2025 15:10 - 15:20 at Grand Hall 3 - Web & Mobile Systems 2

Abstract

Detecting front-end JavaScript libraries in web applications is essential for website profiling, vulnerability detection, and dependency management. However, bundlers like Webpack transpile code in various ways, altering the original directory and code structure, which complicates library detection. While state-of-the-art techniques utilize property pattern-based library detection at runtime, they face two key limitations: (1) they cannot detect libraries inaccessible from the global object, and (2) they have limitations in granular version detection. To address these challenges, we present DEBUN, a scalable technique for detecting JavaScript libraries and their versions using function-level fingerprints. Our key insight is that bundlers preserve the property names and execution order of property operations, even after transpilation. To leverage this, we introduce the property-order graph (POG), which represents the execution order of property operations within a function body. We evaluate DEBUN on 68 high-traffic websites with 78 front-end JavaScript libraries. Our approach outperforms existing tools, achieving a 91.76% F1-score in library detection (1.39x higher) and an 82.52% F1-score in version identification with inclusion match (1.38x higher).

Seojin Kim

North Carolina State University

United States

Sungmin Park

Korea University

South Korea

Jihyeok Park

Korea University

South Korea

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT+09:00) Seoul.

Use conference time zone: (GMT+09:00) SeoulSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Wed 19 Nov
Displayed time zone: Seoul change

	14:00 - 15:30	Web & Mobile Systems 2Research Papers / Journal-First Track at Grand Hall 3

	14:00 10m Talk		Adaptive and accessible user interfaces for seniors through model-driven engineering Journal-First Track Shavindra Wickramathilaka Monash University, John Grundy Monash University, Kashumi Madampe Monash University, Australia, Omar Haggag Monash University, Australia Link to publication DOI
	14:10 10m Talk		AppBDS: LLM-Powered Description Synthesis for Sensitive Behaviors in Mobile Apps Research Papers Zichen Liu Arizona State University, Xusheng Xiao Arizona State University
	14:20 10m Talk		Large Language Models for Automated Web-Form-Test Generation: An Empirical Study Journal-First Track Tao Li Macau University of Science and Technology, Chenhui Cui Macau University of Science and Technology, Rubing Huang Macau University of Science and Technology (M.U.S.T.), Dave Towey University of Nottingham Ningbo China, Lei Ma The University of Tokyo & University of Alberta
	14:30 10m Talk		Beyond Static GUI Agent: Evolving LLM-based GUI Testing via Dynamic Memory Research Papers Mengzhuo Chen Institute of Software, Chinese Academy of Sciences, Zhe Liu Institute of Software, Chinese Academy of Sciences, Chunyang Chen TU Munich, Junjie Wang Institute of Software at Chinese Academy of Sciences, Yangguang Xue University of Chinese Academy of Sciences, Boyu Wu Institute of Software at Chinese Academy of Sciences, Yuekai Huang Institute of Software, Chinese Academy of Sciences, Libin Wu Institute of Software Chinese Academy of Sciences, Qing Wang Institute of Software at Chinese Academy of Sciences
	14:40 10m Talk		Who's to Blame? Rethinking the Brittleness of Automated Web GUI Testing from a Pragmatic Perspective Research Papers Haonan Zhang University of Waterloo, Kundi Yao University of Waterloo, Zishuo Ding The Hong Kong University of Science and Technology (Guangzhou), Lizhi Liao Memorial University of Newfoundland, Weiyi Shang University of Waterloo
	14:50 10m Talk		LLM-Cure: LLM-based Competitor User Review Analysis for Feature Enhancement Journal-First Track Maram Assi Université du Québec à Montréal, Safwat Hassan University of Toronto, Ying Zou Queen's University, Kingston, Ontario
	15:00 10m Talk		MIMIC: Integrating Diverse Personality Traits for Better Game Testing Using Large Language Model Research Papers Yifei Chen McGill University, Sarra Habchi Cohere, Canada, Lili Wei McGill University Pre-print
	15:10 10m Talk		Debun: Detecting Bundled JavaScript Libraries on Web using Property-Order Graphs Research Papers Seojin Kim North Carolina State University, Sungmin Park Korea University, Jihyeok Park Korea University
	15:20 10m Talk		GUIFuzz++: Unleashing Grey-box Fuzzing on Desktop Graphical User Interfacing Applications Research Papers Dillon Otto University of Utah, Tanner Rowlett University of Utah, Stefan Nagy University of Utah Pre-print