Software Engineering

Cross-site scripting (XSS) is one of the most intractable security vulnerabilities in web applications. Tons of efforts have been spent to mitigate XSS, yet it remains one of the most prevalent security threats on the Internet. Decades of exploitation and remediation demonstrated that code inspection and testing does not ensure the absence of XSS vulnerabilities in complex web applications with...

Build automation is critical for developers to check if their code compiles, passes all tests and is able to deploy to the server. Many companies adopt Continuous Integration (CI) services to make sure that the code changes from multiple developers can be safely merged at the head of the project. Internally, CI triggers software builds to makes sure that the new code change does not break the...

This document describes the high level system design of an MPC-based approach to the Private Reach and Frequency Estimation. The MPC protocol was previously described in Privacy Preserving Secure Cardinality and Frequency Estimation [1], and although several modifications are forthcoming, they do not impact the overall system design.

We present a framework for automatically testing functional correctness of back-end servers. We created a pre-production environment where traffic between servers can be reconfigured dynamically. Production requests are sampled and replayed in our framework so that we can cover many corner cases of the system without having the developer manually write test cases. We also describe how to handle...