Academics Create an Open Source Tool for Detecting Node.js Security Vulnerabilities


An open-source Node.js bug hunting tool created by a team of academic researchers has already found 180 security flaws. Node.js is an open-source, cross-platform environment that allows JavaScript code to be executed outside of a browser.

Researchers from Renmin University in China and Johns Hopkins University have proposed a novel method for identifying security flaws in Node.js packages. They developed a unique graph structure called the Object Dependence Graph (ODG) and created an open-source prototype system named ‘ODGEN’ that leverages ODG for bug hunting.

They were inspired by graph query-based techniques such as Code Property Graph (CPG). By customizing ODGEN to identify six different types of vulnerabilities, the researchers were able to report “43 application-level zero-day vulnerabilities with 14 false positives and we also confirmed 137 package-level zero-day vulnerabilities with 84 false positives”.
