An Oxymoron : Static Analysis of a Dynamic Language (Part 3)

Source: blog.shiftleft.io

An Oxymoron : Static Analysis of a Dynamic Language (Part 3)

Category: Security, Data, Microsoft

From the previous post we concluded that JavaScript contains a number of features that makes it a challenge to analyze and detect bugs in: To mitigate from these issues, Microsoft developed TypeScript, an open-source programming language that is a strict superset of JavaScript with static typing and class-based object-oriented programming. Thus, any existing JavaScript programs are also valid TypeScript programs.

To allow TypeScript programs to use existing JavaScript libraries, the DefinitelyTyped project provides a set of TypeScript declaration files for frequently used JavaScript libraries.

Given the ubiquity of JavaScript, it is crucial to discover security vulnerabilities possibly introduced by use of its dynamic features.

Taint analysis detects flows of data that violate program integrity and data confidentiality.
Read Full Article On blog.shiftleft.io
Achieve superior email deliverability with ToastMail! Our AI-driven tool warms up inboxes, monitors reputation, and ensures emails reach their intended destination. Sign up today for a spam-free future.

Related Articles

Analytics will be available on TFS 2019 RC1 – Want to help us test it? – Microsoft DevOps Blog
Analytics will be available on TFS 2019 RC1 – Want to help us test it? – Microsoft DevOps Blog
Remediating the October 2018 Git Security Vulnerability – Microsoft DevOps Blog
Remediating the October 2018 Git Security Vulnerability – Microsoft DevOps Blog
Splunk Aims to Trigger DevOps Processes
Splunk Aims to Trigger DevOps Processes
Community Partners
CrowdSec
Autonomous.ai | Best Standing Desks & Ergonomic Office Chairs

Digital Ocean

Koho

Become a Partner?
DevOps Careers
    • Add a Job?