MIT researchers have explored new debugging methods to test the security of popular websites that were written using Ruby on Rails. The sites tested include over 50 popular sites. Surprisingly, these debugging methods uncovered 23 previously undiagnosed security flaws, in less than two minutes. So, how exactly is this done? According to Daniel Jackson, professor in the Department of Electrical Engineering and Computer Science, the new system uses a technique called “static analysis”, which seeks to generally describe how data flows through a program. Though, Jackson adds that “most work on static analysis is focused on trying to make the analysis more scalable and accurate to overcome those sorts of problems.” So, what makes it difficult for popular websites to stay on top of security? There are many factors that play a role in determining that, as the cost of accuracy for website security is high depending on how large the site in question is. Ruby on Rails, a popular coding language, also works well with defining the various operations needed to successfully run a website. The full results of the research will be presented at the International Conference on Software Engineering, in May. This research actually comes at a pivotal time, with so many algorithm revisions and new trends being integrated to keep social media and sites relevant to users, security is becoming more important than ever to users. Previous methods that sites have undergone to keep security up-to-date may not be sufficient anymore, as malicious users are increasing along with the site trends. However, it’s in these sites’ best interests to keep website security a priority on all levels. After all, user engagement can’t increase if users are afraid or unsupportive of how sites treat their privacy. Hopefully, the release of this report will shed light on the issue of adapting new site security methods and Image via Flickr / Dino Latoga
