Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Apps

Black Hat USA 2025 · Day 1 · Briefings

Fengyu Liu and Yukun Xu of Fudan University and Hong Kong Polytechnic University present MScan, a taint analysis framework that tracks vulnerability data flows across service boundaries in microservice architectures, a capability that tools like CodeQL fundamentally lack. Tested against 25 open-source and 5 industrial microservice applications, MScan found 59 previously unknown zero-day vulnerabilities with 72% precision, versus CodeQL's 23 findings at under 40% precision on the same targets.

AI review

MScan finds 59 zero-days that CodeQL missed because it actually models inter-service data flows, and the ablation study proves all three components are load-bearing. This is a research tool that solves a real structural problem in modern web application security, backed by concrete numbers from industrial targets.
