[Linuxtrent] [OT] Marco Cova seminar on web vulnerabilities

  • From: "Maurizio Napolitano" <napoogle@xxxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: Wed, 24 Sep 2008 09:59:33 +0200

TODAY at 15:00 in Povo / FBK-irst
Apologies for only flagging this now ...
----

Speaker: Marco Cova, University of Santa Barbara - CA

Title:   Vulnerability analysis of web applications

Place:   Sala Conferenze - FBK-IRST
           Via Sommarive 18, Povo - Trento

Date:      24th September at 15.00


Abstract:
Web applications are ubiquitous, perform mission-critical tasks, and
handle sensitive user data. Unfortunately, web applications are often
implemented by developers with limited security skills, and, as a
result, they contain vulnerabilities. Past research has mostly focused
on identifying security flaws, such as cross-site scripting and SQL
injection, that are caused by the use of external input in critical
operations. However, a number of interesting research problems remain
open.

In this talk, we will look at three representative problems in
vulnerability analysis of web applications: detecting vulnerabilities
caused by logic errors in the application, identifying multi-step
attacks that exploit the interaction of multiple modules of an
application, and precisely assessing the effectiveness of common
security mechanisms, i.e., sanitization routines. Then, I will present
the techniques we extended or developed to tackle these problems, in
particular, anomaly detection and likely invariant learning,
inter-module static analysis, and string modeling.


Bio:
Marco Cova is a PhD candidate with the Computer Security Lab at the
University of California, Santa Barbara
(http://www.cs.ucsb.edu/~marco/). His research interests include most
aspects of computer security, with an emphasis on web security,
vulnerability analysis, and intrusion detection. Recently, he also took
part in two large-scale evaluations of the security of electronic
voting systems used in California and Ohio.
--
To subscribe (or unsubscribe), just send a message with the SUBJECT
"subscribe" (or "unsubscribe") to mailto:linuxtrent-request@xxxxxxxxxxxxx

