English
Related papers

Related papers: Stubbifier: Debloating Dynamic Server-Side JavaScr…

200 papers

The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research…

Cryptography and Security · Computer Science 2025-09-03 Eric Cornelissen , Musard Balliu

JavaScript's widespread adoption has made it an attractive target for malicious attackers who employ sophisticated obfuscation techniques to conceal harmful code. Current deobfuscation tools suffer from critical limitations that severely…

Cryptography and Security · Computer Science 2025-12-17 Dongchao Zhou , Lingyun Ying , Huajun Chai , Dongbin Wang

Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art static analysis approaches have…

Software Engineering · Computer Science 2022-01-25 Jordan Samhi , Jun Gao , Nadia Daoudi , Pierre Graux , Henri Hoyez , Xiaoyu Sun , Kevin Allix , Tegawendé F. Bissyandé , Jacques Klein

The popularity and wide adoption of JavaScript both at the client and server side makes its code analysis more important than ever before. Most of the algorithms for vulnerability analysis, coding issue detection, or type inference rely on…

Software Engineering · Computer Science 2024-05-14 Gábor Antal , Péter Hegedűs , Zoltán Tóth , Rudolf Ferenc , Tibor Gyimóthy

Software vulnerabilities have a large negative impact on the software systems that we depend on daily. Reports on software vulnerabilities always paint a grim picture, with some reports showing that 83% of organizations depend on vulnerable…

Software Engineering · Computer Science 2020-09-22 Mahmoud Alfadel , Diego Elias Costa , Mouafak Mokhallalati , Emad Shihab , Bram Adams

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos

Mocking is an essential unit testing technique for isolating the class under test (CUT) from its dependencies. Developers often leverage mocking frameworks to develop stub code that specifies the behaviors of mock objects. However,…

Software Engineering · Computer Science 2023-08-22 Hengcheng Zhu , Lili Wei , Valerio Terragni , Yepang Liu , Shing-Chi Cheung , Jiarong Wu , Qin Sheng , Bing Zhang , Lihong Song

The JavaScript programming language, which began as a simple scripting language for the Web, has become ubiquitous, spanning desktop, mobile, and server applications. This increase in usage has made JavaScript an attractive target for…

Cryptography and Security · Computer Science 2024-10-29 José Miguel Moreno , Narseo Vallina-Rodriguez , Juan Tapiador

Modern software development reuses code by importing libraries as dependencies. Software projects typically include an average of 36 dependencies, with 80% being transitive, meaning they are dependencies of dependencies. Recent research…

Software Engineering · Computer Science 2025-10-24 Jonas Klauke , Tom Ohlmer , Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Eric Bodden

Modern websites extensively rely on JavaScript to implement both functionality and tracking. Existing privacy enhancing content blocking tools struggle against mixed scripts, which simultaneously implement both functionality and tracking,…

Cryptography and Security · Computer Science 2024-05-29 Abdul Haddi Amjad , Shaoor Munir , Zubair Shafiq , Muhammad Ali Gulzar

The static properties of code repositories, e.g., lines of code, dependents, dependencies, etc. can be readily scraped from code hosting platforms such as GitHub, and from package management systems such as npm for JavaScript; Although no…

Software Engineering · Computer Science 2022-03-31 Ellen Arteca , Alexi Turcotte

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

JavaScript packages are notoriously prone to bloat, a factor that significantly impacts the performance and maintainability of web applications. While web bundlers and tree-shaking can mitigate this issue in client-side applications,…

Software Engineering · Computer Science 2025-05-22 Yuxin Liu , Deepika Tiwari , Cristian Bogdan , Benoit Baudry

JavaScript obfuscators are widely deployed to protect intellectual property and resist reverse engineering, yet their correctness has been largely overlooked compared to performance and resilience. Existing evaluations typically measure…

Software Engineering · Computer Science 2026-03-03 Shan Jiang , Chenguang Zhu , Sarfraz Khurshid

Software complexity has increased over the years. One common way to tackle this complexity during development is to encapsulate features into a shared library. This allows developers to reuse already implemented features instead of…

Cryptography and Security · Computer Science 2019-09-17 Nicolai Davidsson , Andre Pawlowski , Thorsten Holz

Software reuse may result in software bloat when significant portions of application dependencies are effectively unused. Several tools exist to remove unused (byte)code from an application or its dependencies, thus producing smaller…

Software Engineering · Computer Science 2021-08-12 Serena Elisa Ponta , Wolfram Fischer , Henrik Plate , Antonino Sabetta

With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming application. With recent work showing evidence that known vulnerabilities are prevalent in…

Many websites import large JavaScript (JS) libraries to customize and enhance user experiences. Our data shows that many JS libraries are only partially utilized during a page load, and therefore, contain superfluous code that is never…

Networking and Internet Architecture · Computer Science 2020-03-18 Utkarsh Goel , Moritz Steiner

Scores of compilers produce JavaScript, enabling programmers to use many languages on the Web, reuse existing code, and even use Web IDEs. Unfortunately, most compilers inherit the browser's compromised execution model, so long-running…

Programming Languages · Computer Science 2018-04-17 Samuel Baxter , Rachit Nigam , Joe Gibbs Politz , Shriram Krishnamurthi , Arjun Guha

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by…

Cryptography and Security · Computer Science 2020-09-22 Adrian Herrera
‹ Prev 1 2 3 10 Next ›