Mafalda Ferreira

Junior Researcher @ INESC-ID, PhD Student @ IST

prof_pic.jpg

Welcome! I’m a 4th year PhD student in Computer Science and Engineering at Instituto Superior Técnico (IST), University of Lisbon, being kindly advised by professor Nuno Santos and professor José Fragoso Santos. I am a junior researcher at INESC-ID Lisbon and member of the Distributed, Parallel and Secure Systems Group (DPSS), as part of the SysSec team.

I’m interested in Web security and privacy. My research focuses on developing systems based on static analysis techniques to identify security vulnerabilities and privacy violations in JavaScript.

Previously, I received my MSc in Computer Science and Engineering at IST in 2021, under the guidance of professor Nuno Santos. My dissertation, entitled Building GDPR-Compliant Web Applications with RuleKeeper is available in the Publications section.

I have been a teaching assistant at IST, University of Lisbon since 2019. To learn more about my teaching activities, check my Teaching section.


News

Apr 3, 2025 Our paper on automated exploit generation for Node.js packages was accepted at PLDI’25!
Feb 28, 2025 Joined Cogna as Research Engineering Intern during the Fall.
Sep 14, 2024 Joined Amazon Web Services as an Applied Scientist Intern during the Summer, as part of the Automated Reasoning Group.
Jul 31, 2024 I was awarded the DPSS Best PhD Student Award 2023!

Selected Publications

  1. PLDI
    Automated Exploit Generation for Node.js Packages
    Filipe Marques,  Mafalda Ferreira, André Nascimento,  Miguel Coimbra and 3 more authors
    Proc. ACM Program. Lang. Jun 2025
  2. PLDI
    Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs
    Mafalda Ferreira, Miguel Monteiro, Tiago Brito,  Miguel E. Coimbra and 3 more authors
    Proc. ACM Program. Lang. Jun 2024
  3. ToR
    Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages
    Tiago BritoMafalda Ferreira, Miguel Monteiro,  Pedro Lopes and 3 more authors
    In IEEE Transactions on Reliability Jun 2023
  4. S&P
    RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks
    Mafalda FerreiraTiago BritoJosé Fragoso Santos,  and Nuno Santos
    In Proceedings of 44th IEEE Symposium on Security and Privacy (S&P’23) May 2023
  5. CCS
    Poster: A Systems Approach to GDPR Compliance-by-Design in Web Development Stacks
    Mafalda FerreiraTiago BritoJosé Fragoso Santos,  and Nuno Santos
    In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS’22) Nov 2022

Contact


E-mail: mafalda.baptista@tecnico.ulisboa.pt


Address:
Room 501, INESC-ID
Rua Alves Redol 9
1000-029 Lisbon, Portugal