Detecting and Preventing Web Application Security Vulnerabilities via Program Analysis

January 11, 2013 12:00 pm - 1:00 pm
KACB 1116E

Web applications are the subject of an increasing number of attacks. Most attack types involve injection of malicious content into the data processed by the Web application (e.g., HTTP parameter values, session attributes, and cookies). The large number of severe attacks reported in recent years on banking applications, as well as on corporate and government Web sites, has created a special motivation to develop analysis tools for detecting vulnerabilities in Web applications. Over the last five years, Tripp has been a leading member of an IBM project with this goal, collaborating with researchers at IBM and in academia. In this talk, he will present several research challenges that were addressed as part of this ambitious project, as well as the solutions developed in response to these challenges.