Lucene search

5 matches found

Packet Storm News
added 2026/04/19 12:0 a.m., 5 views

Original Sin of Npm: A Study on Vulnerability Propagation in JavaScript Dependency Networks

Understanding vulnerability propagation is essential for assessing how vulnerabilities spread across components of a software package. This supports more accurate impact analysis and enhances threat detection and mitigation. In this paper, we investigate how a small number of vulnerable JavaScrip...

AI score: 5.8
Exploits: 0

Packet Storm News
added 2026/03/01 12:0 a.m., 2 views

VEcho: A Paradigm Shift from Vulnerability Verification to Proactive Discovery with Large Language Models

Static Application Security Testing (SAST) tools often suffer from high false positive rates, leading to alert fatigue that consumes valuable auditing resources. Recent efforts leveraging Large Language Models (LLMs) as filters offer limited improvements; however, these methods treat LLMs as passive,...

AI score: 6
Exploits: 0

Packet Storm News
added 2025/06/02 12:0 a.m., 6 views

An Accurate and Efficient Vulnerability Propagation Analysis Framework

Identifying the impact scope and scale is critical for software supply chain vulnerability assessment. However, existing studies face substantial limitations. First, prior studies either work at coarse package-level granularity, producing many false positives, or fail to accomplish whole-ecosyste...

AI score: 7
Exploits: 0

Packet Storm News
added 2025/05/22 12:0 a.m., 3 views

VIVID: a Novel Approach to Remediation Prioritization in Static Application Security Testing (SAST)

Static Application Security Testing (SAST) enables organizations to detect vulnerabilities in code early; however, major SAST platforms do not include visual aids and present little insight on correlations between tainted data chains. We propose VIVID - Vulnerability Information Via Data flow - a...

AI score: 7.2
Exploits: 0

The Hacker Blog
added 2016/03/22 1:27 a.m., 18 views

XSS Hunter – A Modern Approach to Testing for Cross-site Scripting (XSS)

Cross-site Scripting (XSS) origins go arguably back to a lab in Microsoft in 1999. With the first disclosure of the issue titled “Malicious HTML Tags Embedded in Client Web Requests”, this research sparked an entire generation of an attack that somehow still seems to persist in modern web...

AI score: 5.8
Exploits: 0