TODAY at 15:00 in Povo / FBK-irst

I apologize for only pointing this out now ...

----

Speaker: Marco Cova, University of Santa Barbara - CA

Title: Vulnerability analysis of web applications

Place: Sala Conferenze - FBK-IRST
Via Sommarive 18, Povo - Trento

Date: 24th September at 15.00

Abstract:
Web applications are ubiquitous, perform mission-critical tasks, and handle sensitive user data. Unfortunately, web applications are often implemented by developers with limited security skills, and, as a result, they contain vulnerabilities. Past research has mostly focused on identifying security flaws, such as cross-site scripting and SQL injection, that are caused by the use of external input in critical operations. However, a number of interesting research problems remain open.

In this talk, we will look at three representative problems in vulnerability analysis of web applications: detecting vulnerabilities caused by logic errors in the application, identifying multi-step attacks that exploit the interaction of multiple modules of an application, and precisely assessing the effectiveness of common security mechanisms, i.e., sanitization routines. Then, I will present the techniques we extended or developed to tackle these problems, in particular, anomaly detection and likely invariant learning, inter-module static analysis, and string modeling.

Bio:
Marco Cova is a PhD candidate with the Computer Security Lab at the University of California, Santa Barbara (http://www.cs.ucsb.edu/~marco/). His research interests include most aspects of computer security, with an emphasis on web security, vulnerability analysis, and intrusion detection. Recently, he also took part in two large-scale evaluations of the security of electronic voting systems used in California and Ohio.