Don't repeat yourself: automatically synthesizing client-side validation code for web applications

Authors:
Nazari Skrupsky;Maliheh Monshizadeh;Prithvi Bisht;Timothy Hinrichs;V. N. Venkatakrishnan;Lenore Zuck
Affiliations:
Department of Computer Science, University of Illinois at Chicago;Department of Computer Science, University of Illinois at Chicago;Department of Computer Science, University of Illinois at Chicago;Department of Computer Science, University of Illinois at Chicago;Department of Computer Science, University of Illinois at Chicago;Department of Computer Science, University of Illinois at Chicago
Venue:
WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
Year:
2012

Citing 3
Cited 0

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A Symbolic Execution Framework for JavaScript

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications

Proceedings of the 17th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We outline the groundwork for a new software development approach where developers author the server-side application logic and rely on tools to automatically synthesize the corresponding client-side application logic. Our approach uses program analysis techniques to extract a logical specification from the server and synthesizes client code from that specification. Our implementation (WAVES) synthesizes interactive client interfaces that include asynchronous callbacks whose performance and coverage rival that of manually written clients, while ensuring that no new security vulnerabilities are introduced.