Now, a debugger that uncovers web app flaws in just 64 secs

Washington D.C, Apr 16 (AZINS) A team of researchers has come out with new software that represents a breakthrough in security for programs written in the popular web application framework Ruby on Rails.

By exploiting some peculiarities of the popular Web programming framework Ruby on Rails, MIT researchers have developed a system that can quickly comb through tens of thousands of lines of application code to find security flaws.

In tests on 50 popular Web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no more than 64 seconds to analyze any given program.

According to Daniel Jackson, the new system uses a technique called static analysis, which seeks to describe, in a very general way, how data flows through a program.

"The classic example of this is if you wanted to do an abstract analysis of a program that manipulates integers, you might divide the integers into the positive integers, the negative integers, and zero," Jackson explained.

The static analysis would then evaluate every operation in the program according to its effect on integers' signs. Adding two positives yields a positive; adding two negatives yields a negative; multiplying two negatives yields a positive; and so on.

"The problem with this is that it can't be completely accurate because you lose information," Jackson says. "If you add a positive and a negative integer, you don't know whether the answer will be positive, negative, or zero. Most work on static analysis is focused on trying to make the analysis more scalable and accurate to overcome those sorts of problems."

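The sign analysis Jackson describes can be written out in a few lines. The following is an added illustration in Ruby, not code from the MIT system: the function names, the `:top` ("sign unknown") value and the nested-array expression format are assumptions made for this example. It also goes one step beyond the quote by cross-checking the abstract result against concrete arithmetic.

```ruby
# Sign abstraction: every integer is summarized as :neg, :zero or :pos.
# :top means "sign unknown", the information loss described in the quote.
def alpha(n) # concrete integer -> abstract sign
  return :zero if n.zero?
  n.positive? ? :pos : :neg
end

def abs_add(a, b)
  return b if a == :zero
  return a if b == :zero
  a == b ? a : :top # pos+pos and neg+neg keep their sign; pos+neg does not
end

def abs_mul(a, b)
  return :zero if a == :zero || b == :zero # zero absorbs even an unknown
  return :top if a == :top || b == :top
  a == b ? :pos : :neg
end

# Expression format constructed for this example: an Integer literal, a Symbol
# naming a variable, or [:add, lhs, rhs] / [:mul, lhs, rhs].
def abs_eval(expr, env)
  case expr
  when Integer then alpha(expr)
  when Symbol then env.fetch(expr)
  when Array
    op, lhs, rhs = expr
    raise ArgumentError, "unknown operator" unless %i[add mul].include?(op)
    l, r = abs_eval(lhs, env), abs_eval(rhs, env)
    op == :add ? abs_add(l, r) : abs_mul(l, r)
  else raise ArgumentError, "bad expression #{expr.inspect}"
  end
end

# Concrete evaluation, used only to cross-check the abstraction.
def eval_concrete(expr, env)
  return expr if expr.is_a?(Integer)
  return env.fetch(expr) if expr.is_a?(Symbol)
  op, lhs, rhs = expr
  l, r = eval_concrete(lhs, env), eval_concrete(rhs, env)
  op == :add ? l + r : l * r
end

# Soundness: the abstract answer must be the true sign or :top, never wrong.
def sound?(expr, range = (-5..5))
  range.all? do |x|
    abstract = abs_eval(expr, { x: alpha(x) })
    abstract == :top || abstract == alpha(eval_concrete(expr, { x: x }))
  end
end
```

With `x` known only to be negative, `x*x + 1` evaluates to `:pos`, while `x + 1` evaluates to `:top`: the analysis stays correct but can no longer say which sign results.
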
With Web applications, however, the cost of accuracy is prohibitively high, Jackson said, adding that the program under analysis is just huge. "Even if you wrote a small program, it sits atop a vast edifice of libraries and plugins and frameworks."

The researchers will present their results at the International Conference on Software Engineering, in May.