RSS meetup: Dimitris Mostrous

RSS Meetups are monthly gatherings of LASIGE members with research interests mainly in Software Architecture, Verification, Testing, Programming Languages, Type Systems, Logic, Concurrency, and Formal Methods.

Title: Static Application Security Testing: Functional Programming in Practice (Aikido Security)
Speakers: Dimitris Mostrous (Aikido Security)
When: May 8, 2025, 14h00
Where: FCUL, 6.3.27
Invited by: Alcides Fonseca

Abstract: In this talk, I will share insights from my experience in functional programmer roles at several startups, highlighting how functional programming is used in industry today and, crucially, why it makes sense from a business perspective. In the second part of the talk, we will explore Opengrep, an open source Static Application Security Testing (SAST) tool written in OCaml and supported by a consortium of organisations in the application security space. Opengrep is designed to search for patterns in source code, with a particular emphasis on vulnerability detection. Users define patterns as code fragments enhanced with matching constructs; these are converted into abstract syntax trees and matched against the AST representation of the target code. Opengrep also supports taint tracking: identifying places where untrusted user input is passed to trusted subsystems without proper sanitisation. We will discuss why functional programming is well-suited to this kind of work and mention some of the analyses performed under the hood, including parsing, intermediate representations, constant propagation and dataflow analysis.
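The pattern-to-AST matching the abstract describes, as an added illustration written for this page in Python rather than Opengrep's OCaml (it is not Opengrep code): a pattern fragment in which `$NAME` metavariables bind arbitrary sub-trees and `...` stands for any argument list is parsed into an AST and matched structurally against every sub-tree of a constructed target snippet.

```python
import ast
import re
MV = re.compile(r"\$([A-Z_][A-Z0-9_]*)")  # metavariables such as $ARG

def parse_pattern(src):
    """$X is not valid Python, so rewrite it to a reserved identifier, then parse."""
    return ast.parse(MV.sub(r"__mv_\1", src), mode="eval").body

def match(pat, node, env):
    """Structurally match pattern AST `pat` against target `node`, binding metavariables in `env`."""
    if isinstance(pat, ast.Name) and pat.id.startswith("__mv_"):
        name = pat.id[5:]
        if name in env:  # a repeated metavariable must bind an equal sub-tree
            return ast.dump(env[name]) == ast.dump(node)
        env[name] = node
        return True
    if type(pat) is not type(node):
        return False
    for field, pv in ast.iter_fields(pat):
        tv = getattr(node, field, None)
        if isinstance(pv, list):
            # `...` as the only element matches any positional argument list
            if pv and isinstance(pv[0], ast.Constant) and pv[0].value is Ellipsis:
                continue
            if not isinstance(tv, list) or len(pv) != len(tv):
                return False
            if not all(match(p, t, env) for p, t in zip(pv, tv)):
                return False
        elif isinstance(pv, ast.AST):
            if not isinstance(tv, ast.AST) or not match(pv, tv, env):
                return False
        elif pv != tv:
            return False
    return True

def find(pattern, code):
    """Return (line, bindings) for every sub-tree of `code` that matches `pattern`."""
    pat, hits = parse_pattern(pattern), []
    for node in ast.walk(ast.parse(code)):
        env = {}
        if match(pat, node, env):
            hits.append((getattr(node, "lineno", 0), {k: ast.unparse(v) for k, v in env.items()}))
    return hits

# Constructed sample target: one call concatenates request input into a shell command.
SAMPLE = """def handler(request):
    cmd = request.args.get("cmd")
    os.system("ls " + cmd)
    os.system("echo static")
"""
```

Running `find("os.system(...)", SAMPLE)` reports both calls, while `find('os.system("ls " + $ARG)', SAMPLE)` reports only line 3 with `ARG` bound to `cmd`; a real SAST engine layers taint tracking on top of this so that the flow from `request.args.get` into the sink is found even when the two are not in one expression.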

Short Bio: Dimitris Mostrous earned his PhD in Computing at Imperial College London. He’s currently the lead maintainer of the open source Opengrep SAST tool (https://opengrep.dev) and OCaml Engineer at Aikido Security (https://aikido.dev). This is his third experience working as a functional programmer for startups, having previously worked with Clojure and OCaml in domains such as analytics and crypto payments.