Automated Test Case Generation using Unsupervised Type Inference for JavaScript

Traditional software testing is a labor-intensive and expensive manual process. To mitigate the high cost of manual test case generation, researchers have developed various techniques for automated test case generation over the last few decades. These techniques make use of static type information to determine which data types should be used in...

Improvement of Source Code Conversion for Code Completion

Code Completion is advancing constantly, with new research coming out all the time. One such advancement is CodeFill, which converts source files into token sequences for type prediction. To train the CodeFill model, a lot of source files are needed which take a long time to convert before training can begin. Converting the file the end-user is...

Formjackers: Towards an Internet-scale Survey of Credit Card Skimming on the Web

We propose a novel, dynamic analysis-based detection solution for formjackers. The operating principle of these formjackers, or card skimmers on the web, is typically simple, yet effective: when making a payment on webshop that has been infected with a formjacker, the submitted payment information is not just transmitted to the webshop, but also...

Provably Sound Typechecking of JavaScript

Since its inception in 1995, JavaScript usage has grown far beyond its initial domain of interactive websites. As the size of applications developed in the language grows, so does the desire for static analysis such as typechecking to provide safety and reliability. Many developments have been made in recent years on increasing the precision of...

Detecting Breaking Changes in JavaScript APIs

The goal of this thesis is to explore the current possibilities for detecting breaking changes in JavaScript. For this, we propose an approach and show its accuracy by constructing a tool and evaluating it. The evaluation is carried out on 3 chosen JavaScript projects and a total of 3000 consumer packages. For each of the projects, we compute...

Why and How JavaScript Developers Use Linters

A linter is a type of static analysis tool that warns software developers about pos- sible errors in code or violations to coding standards. By using such a tool, errors can be surfaced early in the development process when they are cheaper to fix, and code can be kept more readable and maintainable. For such a tool to be successful, it is...

Automated Software Testing of JavaScript Web Applications

Modern software is becoming more and more complex and manual testing cannot keep up with the need for high-quality reliable software: often due to the complexity of event-driven software, manual testing is done. This comes with many disadvantages in comparison with automated testing. The increased importance of having a secure, reliable online...

In Dependencies We Trust: How vulnerable are dependencies in software modules?

Web-enabled services hold valuable information that attracts attackers to exploit services for unauthorized access. The transparency of Open-Source projects, shallow screening of hosted projects on public software repositories and access to vulnerability databases pave the way for attackers to gain strategic information to exploit software...

Authorship Identification and Verification of JavaScript Source Code: An Evaluation of Techniques

The increasing number of criminals that exploit the speed and anonymity of the Web has become of increasing concern. Little effort has been spent to trace the authors of malicious code. To that end we investigated authorship identification and verification of JavaScript source code. We evaluated three character based approaches and propose a new...