I’ll walk through my research in code analysis for web security, showing how graph-based static analysis can help surface privacy violations and security vulnerabilities in the Node.js ecosystem. I’ll introduce Cogna and our experience using LLMs to automatically generate tests, focusing on our approach, key lessons, and how it helps us detect bugs early in the development process.

In this talk I will demonstrate how to build a custom static analysis tool in Go, using our experience creating https://github.com/loveholidays/ptrcmp at loveholidays as a practical case study. We'll take a deep dive into Go's analysis framework https://pkg.go.dev/golang.org/x/tools/go/analysis, exploring everything from understanding Abstract Syntax Trees to leveraging the powerful tooling ecosystem that makes custom linters possible.