Wed 17 Jul 2019 14:50 - 15:10 at Epernay - Testing

Scala is a functional and object-oriented programming language designed to be concise and compiled to Java bytecode, so that a Scala application can be executed on a Java Virtual Machine (JVM). Scala's designers claim that static types in Scala help avoid bugs in complex Scala applications. However, recently discovered vulnerabilities in Scala applications cast doubt on this claim. Therefore, in this work, we introduce TaintSpy, a runtime vulnerability indicator based on dynamic taint analysis of Scala applications. Our proposed framework can identify security vulnerabilities without requiring the source code of applications. We demonstrate the usefulness of our framework by identifying and reporting several security vulnerabilities, such as Remote Code Execution (RCE), memory corruption, denial of service (DoS), SQL injection and XSS, in standard Scala frameworks (e.g., Lift, Akka and Spray).

Wed 17 Jul

13:30 - 15:10: Scala 2019 - Testing at Epernay
13:30 - 14:00 (scala-2019-papers)
Konstantin Läufer (Loyola University Chicago), John O'Sullivan (Loyola University Chicago), George K. Thiruvathukal (Loyola University Chicago and Argonne National Laboratory)
14:00 - 14:30 (scala-2019-papers)
Jonas De Bleser (Software Languages Lab, Vrije Universiteit Brussel), Dario Di Nucci (Vrije Universiteit Brussel), Coen De Roover (Vrije Universiteit Brussel)
14:30 - 14:50 (scala-2019-papers)
Jonas De Bleser (Software Languages Lab, Vrije Universiteit Brussel)
14:50 - 15:10 (scala-2019-papers)
Mohammadreza Ashouri (University of Potsdam, Germany)