6.4 SE Nov 23, 2021
Using DevOps Toolchains in Agile Model-Driven Engineering
Jörn Guy Süß, Samantha Swift, Eban Escott
For Model-Driven Engineering (MDE) to become Agile, it has to be usable with and for DevOps as the technical basis of Agility. We describe our experiences in implementing and applying the BB8 architecture that provides a means to reuse Eclipse-based MDE toolkits within an integrating workflow system. We describe the use of the architecture within the GitLab DevOps system and discuss future research fields that emerge as the result of our implementation.
5.3 SE Apr 14, 2020
Gelato: Feedback-driven and Guided Security Analysis of Client-side Web Applications
Behnaz Hassanshahi, Hyunjun Lee, Paddy Krishnan et al.
Even though a lot of effort has been invested in analyzing client-side web applications during the past decade, the existing tools often fail to deal with the complexity of modern JavaScript applications. However, from an attacker's point of view, the client side of such web applications can reveal invaluable information about the server side. In this paper, first we study the existing tools and enumerate the most crucial features a security-aware client-side analysis should be supporting. Next, we propose GELATO to detect vulnerabilities in modern client-side JavaScript applications that are built upon complex libraries and frameworks. In particular, we take the first step in closing the gap between state-aware crawling and client-side security analysis by proposing a feedback-driven security-aware guided crawler that is able to analyze complex frameworks automatically, and increase the coverage of security-sensitive parts of the program efficiently. Moreover, we propose a new lightweight client-side taint analysis that outperforms the state-of-the-art tools, requires no modification to browsers, and reports non-trivial taint flows on modern JavaScript applications.