BLeak: automatically debugging memory leaks in web applications

BLeak: Automatically debugging memory leaks in web applications Vilk & Berger, PLDI’18

BLeak is a Browser Leak debugger that finds memory leaks in web applications. You can use BLeak to test your own applications by following the instructions at http://bleak-detector.org.

Guided by BLeak, we identify and fix over 50 memory leaks in popular libraries and apps including Airbnb, AngularJS, Google Analytics, Google Maps SDK, and jQuery. BLeak’s median precision is 100%; fixing the leaks it identifies reduces heap growth by an average of 94%, saving from 0.5MB to 8MB per round trip.

Why are web application memory leaks so problematic?

Memory leaks in web applications are a pervasive problem. They lead to higher garbage collection frequency and overhead, reduced application responsiveness, and even browser tab crashes. Existing memory leak detection approaches don’t work well in the browser environment though:

  • Staleness detection assumes leaked memory is rarely touched, but web apps regularly interact with leaked state (e.g. via event listeners).
  • Growth-based technique assume that leaked objects are uniquely owned, or that leaked objects from strongly connected components in the heap graph. In a web application, objects frequently have multiple owners, and all roads lead back to window.
  • Techniques Continue reading

Check Out Our New Certified Information System Auditor Course





This 6 hour course is designed for those that are preparing for the CISA exam. Expert instructor, Etienne Poeder, explains what to expect from this course, as well as who the course is designed for below:

The amount of effort required to ace this exam will depend on both your relevant knowledge and experience. Mere knowledge is insufficient for passing the exam because the exam doesn’t just test your familiarity with exam topics, but also your ability to actually apply your skills and education. An accounting/non-IS auditing background prior to this exam will likely work, but it is going to be more challenging with regard to your technical IT knowledge. As for the more techie professional, you will probably already understand the security and technology basics, but still need to show whether you understand the do’s and don’ts within auditing and related area’s in different types of organizations and architectures.

Whether you are an auditor or security professional, you can benefit from this course. I have done my best making sure we hit the ground running with the preparation for your exam. If you lack both the auditing as well as the technical knowledge/experience, this course will still benefit you, but it will be more challenging. You will need to prepare properly for the CISA exam to ace it. Of course, I will give you exam tips along the way and practical examples within the IT Audit security job practice to make studying a less bitter pill to swallow.

I will cover all 5 domains, which will summarize the most current information from the revised book according to the 2016 CISA Job Practice. This book is the most comprehensive peer-reviewed IS Audit, assurance, security and control resource available worldwide.

I have added assessment questions so you can test your knowledge and become more familiarized with the question types, structures and topics featured in the CISA exam. I have made a fine representative selection of questions, extracted from a 1,000 multiple-choice study exam that has previously appeared in the CISA Review Questions, Answers and Explained manual 2015 and the CISA Review Questions, Answers & Explanations Manual 2015 Supplement, both current and in accordance with the newly revised 2016 Job Practice.

So you want to be a professional auditor?

Go get your proper assistance for the CISA exam today!

IDG Contributor Network: 4 ways to avoid cloud outages and improve system performance

When most people encounter headlines about high-profile cloud outages, they think about the cloud vendor's name, or how the negative publicity might affect stock prices. I think about the people behind the scenes—the ones tasked with fixing the problem and getting customer systems back up and running.Despite their best efforts, the occasional outage is inevitable. The internet is a volatile place, and nobody is completely immune to this danger. Fortunately, there are some straightforward steps businesses can take to guard against the possibility of unplanned downtime.Here are four ways to avoid cloud outages while improving security and performance in the process:To read this article in full, please click here

IDG Contributor Network: 4 ways to avoid cloud outages and improve system performance

When most people encounter headlines about high-profile cloud outages, they think about the cloud vendor's name, or how the negative publicity might affect stock prices. I think about the people behind the scenes—the ones tasked with fixing the problem and getting customer systems back up and running.Despite their best efforts, the occasional outage is inevitable. The internet is a volatile place, and nobody is completely immune to this danger. Fortunately, there are some straightforward steps businesses can take to guard against the possibility of unplanned downtime.Here are four ways to avoid cloud outages while improving security and performance in the process:To read this article in full, please click here

IDG Contributor Network: Scalable groups tags with SD-Access

Perimeter-based firewalls When I stepped into the field of networking, everything was static and security was based on perimeter-level firewalling. It was common to have two perimeter-based firewalls; internal and external to the wide area network (WAN). Such layout was good enough in those days.I remember the time when connected devices were corporate-owned. Everything was hard-wired and I used to define the access control policies on a port-by-port and VLAN-by-VLAN basis. There were numerous manual end-to-end policy configurations, which were not only time consuming but also error-prone.There was a complete lack of visibility and global policy throughout the network and every morning, I relied on the multi router traffic grapher (MRTG) to manual inspect the traffic spikes indicating variations from baselines. Once something was plugged in, it was “there for life”. Have you ever heard of the 20-year-old PC that no one knows where it is but it still replies to ping? In contrast, we now live in an entirely different world. The perimeter has dissolved, resulting in perimeter-level firewalling alone to be insufficient.To read this article in full, please click here

IDG Contributor Network: Scalable groups tags with SD-Access

Perimeter-based firewalls When I stepped into the field of networking, everything was static and security was based on perimeter-level firewalling. It was common to have two perimeter-based firewalls; internal and external to the wide area network (WAN). Such layout was good enough in those days.I remember the time when connected devices were corporate-owned. Everything was hard-wired and I used to define the access control policies on a port-by-port and VLAN-by-VLAN basis. There were numerous manual end-to-end policy configurations, which were not only time consuming but also error-prone.There was a complete lack of visibility and global policy throughout the network and every morning, I relied on the multi router traffic grapher (MRTG) to manual inspect the traffic spikes indicating variations from baselines. Once something was plugged in, it was “there for life”. Have you ever heard of the 20-year-old PC that no one knows where it is but it still replies to ping? In contrast, we now live in an entirely different world. The perimeter has dissolved, resulting in perimeter-level firewalling alone to be insufficient.To read this article in full, please click here

Research: Covert Cache Channels in the Public Cloud

One of the great fears of server virtualization is the concern around copying information from one virtual machine, or one container, to another, through some cover channel across the single processor. This kind of channel would allow an attacker who roots, or otherwise is able to install software, on one of the two virtual machines, to exfiltrate data to another virtual machine running on the same processor. There have been some successful attacks in this area in recent years, most notably meltdown and spectre. These defects have been patched by cloud providers, at some cost to performance, but new vulnerabilities are bound to be found over time. The paper I’m looking at this week explains a new attack of this form. In this case, the researchers use the processor’s cache to transmit data between two virtual machines running on the same physical core.

The processor cache is always very small for several reasons. First, the processor cache is connected to a special bus, which normally has limits in the amount of memory it can address. This special bus avoids reading data through the normal system bus, and this is (from a networking perspective) at least one hop, and often several Continue reading

Additional Record Types Available with Cloudflare DNS

Additional Record Types Available with Cloudflare DNS

Additional Record Types Available with Cloudflare DNS
Photo by Mink Mingle / Unsplash

Cloudflare recently updated the authoritative DNS service to support nine new record types. Since these records are less commonly used than what we previously supported, we thought it would be a good idea to do a brief explanation of each record type and how it is used.

DNSKEY and DS

DNSKEY and DS work together to allow you to enable DNSSEC on a child zone (subdomain) that you have delegated to another Nameserver. DS is useful if you are delegating DNS (through an NS record) for a child to a separate system and want to keep using DNSSEC for that child zone; without a DS entry in the parent, the child data will not be validated. We’ve blogged about the details of Cloudflare’s DNSSEC implementation and why it is important in the past, and this new feature allows for more flexible adoption for customers who need to delegate subdomains.

Certificate Related Record Types

Today, there is no way to restrict which TLS (SSL) certificates are trusted to be served for a host. For example if an attacker were able to maliciously generate an SSL certificate for a host, they could use a man-in-the-middle attack Continue reading

LACIGF Workshop for Chapter Leaders: The Internet Should Reach Everyone

Inside the framework of the 11th meeting of LACIGF, the Internet Society’s Regional Bureau in Latin America & Caribbean successfully carried out the 2018 edition of the Workshop for Chapter Leaders. In addition to addressing the key issues of the organization, the event included a session focused on personal development. The 34 participants, from 22 Chapters, also had the opportunity to talk with Andrew Sullivan, future Executive Director of the Internet Society.

Volunteering: A Shared Challenge

The Internet Society Chapters are a fundamental component of the Internet Society. Made up of people with diverse backgrounds and interests, the Chapters pursue a common and ambitious goal: the Internet should reach everyone. To achieve this, each member spends a significant part of their time working with their peers on diverse projects.

This is why, the first part of the Chapter Workshop focused on human development components related to leadership. Although the content was shared with the representatives of each Chapter that attended the workshop, the idea was to reinforce the message within the boards of the chapters of the given region, in order to facilitate the promotion of these ideas locally.

A Conversation with Andrew Sullivan

Andrew Sullivan will assume the role Continue reading

BrandPost: Be the Hero of Your Network with Ciena’s Optical Networking Super Bundle

Ciena Kacie Levy, Manager, Social Media What if you could apply the collective knowledge of some of the world’s best and brightest optical minds to your network? Well, now you can with an incredible limited time offer from Ciena: The Optical Networking Super Bundle.As the famous saying goes, “Knowledge is power”, so what if you could get easy access to the necessary resources to make your optical knowledge your Superpower?To read this article in full, please click here

1 1,517 1,518 1,519 1,520 1,521 3,849