Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs
ACM SIGPLAN via YouTube
Overview
Explore a groundbreaking approach to static vulnerability analysis for JavaScript in this 20-minute conference talk from PLDI 2024. Delve into the innovative Multiversion Dependency Graph (MDG), a novel graph-based data structure designed to capture object state evolution during program execution. Learn how this new technique improves upon existing Code Property Graph (CPG) methods, offering a balance between scalability and effectiveness in identifying vulnerability patterns. Discover the implementation of Graph.js, a specialized MDG-based static vulnerability scanner for npm packages, and its superior performance in detecting taint-style and prototype pollution vulnerabilities. Gain insights into how this approach significantly reduces false negatives and analysis time compared to current state-of-the-art tools, and uncover its potential in identifying previously undiscovered vulnerabilities in npm packages.
Syllabus
[PLDI24] Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs
Taught by
ACM SIGPLAN