symbolic execution tools / real-world applications / search process / similar previous systems / web applications / stand-alone vulnerability discovery tool / generational search strategy / untrusted web principal / web application / Web principals / web vulnerabilities / web browser / automatic end-to-end tool / previous systems / standalone tool / web server / analysis tools / web security / live web applications / few automated vulnerability analysis tools / time exploring solutions / client-side web applications / real web site / subject applications / client-side web application code / /
Organization
US Federal Reserve / University of California / Berkeley / Dawn Song Computer Science Division / /
Person
Dawn Song / Steve Hanna / /
Position
extractor / JavaScript interpreter / symbolic interpreter for the recorded JASIL instructions / path constraint extractor / symbolic interpreter / vulnerability condition extractor / WebKit interpreter / real JavaScript interpreter / dynamic symbolic interpreter / interpreter / /
Product
WebKit / /
ProgrammingLanguage
AJAX / Java / PHP / Ruby / XPath / JavaScript / HTML / C++ / /
PublishedMedium
Caballero / /
Technology
PHP / Java / HTTP / DOM / HTML / web server / GUI / /
A Symbolic Execution Framework for JavaScript Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, Dawn Song Computer Science Division, EECS Department University of California, Berkeley {prateeks, d