David Baker Effendi

Stellenbosch University · Cape Winelands, South Africa · dbe@sun.ac.za

Ph.D. Computer Science student at Stellenbosch University researching static program analysis. Areas of focus include performant data-flow analysis within resource contrained environments and leveraging statistical techniques to mine and enhance downstream analysis tasks.

Whirly Labs · Cape Town, South Africa · contact@whirlylabs.com

Director of research and development at Whirly Labs leading the development of in-house program analysis tools as well as custom static analysis for clients across the globe.

Experience

Director of Research & Development

Whirly Labs

Whirly Labs offers both security consulting and custom static analysis solutions for companies of all sizes. As Director of R&D I oversee the development of in-house program analysis tools as well as the development of custom program visibility solutions offered to our clients. We are also research partners with Stellenbosch University through which I share primary contact a longside our CTO, Prof. Dr. Fabian Yamaguchi.

Jan 2023 - Present

Class Assistant and Hons Project Co-Supervisor

Stellenbosch University

Help students with course material during fixed sessions and online. Courses I have assisted or am currently assisting with are: vulnerability discovery and code analysis, functional programming, databases and web programming, computer networks, software engineering, and applied discrete mathematics.

February 2019 - Dec 2022

Internships

AWS, Santa Clara, CA
June 2022 - September 2022

Under the Amazon CodeGuru group as an applied science intern, we successfully collaborated on a novel static code analysis rule mining pipeline that resulted in the acceptance of the following paper at ICSE'23: A Language-agnostic Framework for Mining Static Analysis Rules from Code Changes

ACI Worldwide, CPT
December 2019 - January 2020

Frontend development in Angular 8 for payment terminal management software. Involved processing an input file, converting rows and transforming data into models, iterating through collection of models and posting resulting model to API. All features tested with Jasmin and E2E on a Jenkins pipeline.

MWR InfoSecurity, JHB
June 2019

Created a full-stack Vue.js, Tornado, MariaDB web application within two weeks from scratch. Deployed each of the three components using Docker and Docker Compose.

ACI Worldwide, CPT
November 2018 - January 2019

Maintained and added features to in-store software (Angular 6/Spring Boot/MSSQL) developed in the last internship (June 18 - July 18) and ended internship with being part of the architectural team for developing new time logging software. (Java)

ACI Worldwide, CPT
June 2018 - July 2018

Working under Postilion L3 Support to create maintenance and diagnostic software as web applications (Angular 6/Spring Boot/MS SQL) for clients and Help 24.

ACI Worldwide, CPT
November 2017 - January 2018

Working under Postilion L3 Support to create product enhancements for already present diagnostics software (Java) to serve clients and Help 24.

Intermittent

Education

University of Stellenbosch

PhD Candidate
Computer Science

Upgraded from MSc in 2021

February 2020 - Present

University of Stellenbosch

Bachelor of Science (Honours)
Computer Science

Cum Laude

February 2019 - November 2019

University of Stellenbosch

Bachelor of Science
Computer Science
February 2016 - November 2018

Grey High School, Port Elizabeth

Matric
Mathematics, Physics, Biology, and Information Technology
March 2011 - November 2015

Publications

Projects

Joern

Open-source code analysis platform based on code property graphs

I am an active contributor on Joern and help maintain the project while contributing my research efforts as new features. I largely own the jimple2cpg language frontend, dynamic type recovery, and call graph analysis algorithms. I have also contributed as minor improvements to the data-flow tracking engine in the form of bug fixes and performance improvements.

Outside of contributions, I also review pull requests for contributors outside of the core Joern.io group and also offer a paid service to onboard companies who wish to integrate Joern as part of their proprietary systems.

March 2021 - Present

Plume

JVM bytecode code-property graph (CPG) language frontend

Plume is a Scala library with the purpose of extracting a program's code-property graph (CPG) from JVM bytecode. The graph is persisted in a graph database of which the library supports multiple. Dataflow analysis is then performed on the CPG to track multiple dataflow issues.

This project is part of my MSc and is my current main focus. The source code and example usage can be found on the project's GitHub Organizations page and documentation found here.

Plume was submitted to the TigerGraph 2020 Graphathon and won 2nd place.

March 2020 - Present (maintenance mode)

VSC TigerGraph Extension

Syntax highlighting tool for GSQL

A community driven GSQL extension for VS Code. Due to the absence of extensions for GSQL on VS Code (one of my main code editors) I took the initiative to make my own starting with syntax highlighting. This can be found here.

May 2020 - Present

Yelp Open Dataset Quickstarters

Quick ways to get started with data analysis on the Yelp dataset

I've open-sourced three small projects that can help one get started with analysis on the Yelp dataset by providing a data cleaning script and import guides for TigerGraph and Neo4j.

This code was used for my 2019 honours project and for the RW334 web development course. These are the three parts of the code:

March 2019 - March 2020

Providentia

Database benchmarking suite

This is a web application that measures the query response times of 3 databases on queries and data analysis similar to those found in the real-world. The three databases benchmarked are JanusGraph, PostgreSQL, and TigerGraph.

This is the code behind my 2019 honours project and is what collected the results for my publication.

March 2019 - March 2020

Awards & Certifications