Sukyoung Ryu - Finding Bugs in JavaScript Web Applications Using the SAFE Family





The interactive transcript could not be loaded.


Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Sep 26, 2016

Presentation date: 1-Sep-16

Analyzing real-world JavaScript web applications is a challenging task. On top of understanding the semantics of JavaScript, it requires modeling of web documents, platform objects, and interactions between them. Not only the JavaScript language itself but also its usage patterns are extremely dynamic. JavaScript can generate code and run it during evaluation, and most web applications load JavaScript code dynamically. Such dynamic characteristics of JavaScript web applications make pure static analysis approaches inapplicable.

In this talk, we present our attempts to analyze JavaScript web applications in the wild mostly statically using various approaches. From pure JavaScript programs to JavaScript web applications using platform-specific libraries and dynamic code loading, we explain technical challenges in analyzing each of them and how we built an open-source analysis framework for JavaScript, SAFE, that addresses the challenges incrementally.

Sukyoung Ryu is an associate professor in the School of Computing at Korea Advanced Institute of Science and Technology (KAIST). Her research interests are in programming languages and program analysis. Recently, her group has been focusing on analysis of and bug finding in JavaScript web applications by developing an open-source tool called SAFE, which is being used in both academia and industry. She is a recipient of various awards including the Google Faculty Research Award. She received her Ph.D. in Computer Science from KAIST, worked at Harvard University and Sun Microsystems Laboratories.


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...