Research on the dangers of copy/pasting code

Suppose you need to incorporate crypto into your application. Or you need to write a regex to validate some user input. You might end up on Stack Overflow, where you find a code snippet that you can paste into your application. And even better, it works on the first try! But is the code correct, and is the code secure? In this talk, Jamie and Sazzadur will talk about the potential hazards of copy/pasting crypto and regexes into your software.

Resources mentioned in this session:

Slides: Coming soon

Regexes

– Jamie is the maintainer of the safe-regex module on npm. More accurate super-linear regex detectors are available through the vuln-regex-detector project.

– His regex portability tools can be found in the LinguaFranca project.

– He posts “reader’s digest” summaries of his work on Medium. Here are the posts for his work on regex security and regex portability

Crypto

– Sazzadur’s application-level cryptographic misuse detection paper can be found here.

– You can scan your Java code for cryptographic misuse using his CryptoGuard project.

If any of these tools or resources are helpful, please let us know!

Jamie Davis

Jamie Davis and Sazzadur Rahaman

Jamie Davis and Sazzadur Rahaman are 5th-year PhD students in Computer Science at Virginia Tech. They both spent a few years in industry before heading back to school. They both study software correctness and security. Jamie focuses on regular expressions and Node.js, while Sazzadur’s interests lie in application-level cryptographic vulnerabilities. Jamie’s research has led to changes in the core libraries of Python and Node.js, and Sazzadur has caused changes in projects like Apache Spark and Apache Ranger.

Find Jamie on twitter

Find Sazzadur on twitter

Related Posts

Leave a comment

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.