Secure Web Applications

The security of Internet applications affects millions of users. It is a well-known fact that many of these applications are insecure. This recently led IT administrators at the German Parliament to restrict access to over 100,000 websites for its parliamentarians.
Today, many software programs are loaded on the Internet for direct use, meaning that they no longer need to be installed locally; instead, users simply open and use them in a web browser. Such software is often created in the programming language called JavaScript. Past experience has shown that applications programmed in JavaScript are prone to containing vulnerabilities.
It is therefore crucial to identify and repair such vulnerabilities in software created with JavaScript as quickly as possible. In order to do so, software is required that can execute this task with the highest degree of efficiency, especially when dealing with large-scale software programs.

Publications in Flagship Project Secure Web Applications

Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers
Authors: Cristian-Alexandru Staicu, Michael Pradel
In: USENIX Security 2018, 15.-17.08.2018, Baltimore, USA

Understanding and Automatically Preventing Injection Attacks on Node.js
Authors: Ben Livshits, Michael Pradel, Cristian-Alexandru Staicu
In: NDSS'18, 18.-21.02.2018, San Diego, USA

Systematic Black-Box Analysis of Collaborative Web Applications
Authors: Marina Billes, Anders Møller, Michael Pradel
In: PLDI 2017, 19.-21.06.2017, Barcelona, Spain

Monkey See, Monkey Do: Effective Generation of GUI Tests with Inferred Macro Events
Authors: Markus Ermuth, Michael Pradel
In: ISSTA 2016, 18.-20.07.2016, Saarbrücken

DLint: Dynamically Checking Bad Coding Practices in JavaScript
Authors: Liang Gong, Michael Pradel, Manu Sridharan, Koushik Sen
In: ISSTA 2015, 14.-17.07.2015, Baltimore, USA