Advanced automated web application vulnerability analysis
- Degree Grantor:
- University of California, Santa Barbara. Computer Science
- Degree Supervisor:
- Giovanni Vigna
- Place of Publication:
- [Santa Barbara, Calif.]
- Publisher:
- University of California, Santa Barbara
- Creation Date:
- 2014
- Issued Date:
- 2014
- Topics:
- Computer Science
- Keywords:
- Computer security,
Web security, and
Vulnerability analysis - Genres:
- Online resources and Dissertations, Academic
- Dissertation:
- Ph.D.--University of California, Santa Barbara, 2014
- Description:
Web applications are an integral part of our lives and culture. We use web applications to manage our bank accounts, interact with friends, and file our taxes. A single vulnerability in one of these web applications could allow a malicious hacker to steal your money, to impersonate you on Facebook, or to access sensitive information, such as tax returns. It is vital that we develop new approaches to discover and fix these vulnerabilities before the cybercriminals exploit them.
In this dissertation, I will present my research on securing the web against current threats and future threats. First, I will discuss my work on improving black-box vulnerability scanners, which are tools that can automatically discover vulnerabilities in web applications. Then, I will describe a new type of web application vulnerability: Execution After Redirect, or EAR, and an approach to automatically detect EARs in web applications. Finally, I will present deDacota, a first step in the direction of making web applications secure by construction.
- Physical Description:
- 1 online resource (227 pages)
- Format:
- Text
- Collection(s):
- UCSB electronic theses and dissertations
- Other Versions:
- http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqm&rft_dat=xri:pqdiss:3645627
- ARK:
- ark:/48907/f3d798k8
- ISBN:
- 9781321349337
- Catalog System Number:
- 990045116890203776
- Copyright:
- Adam Doupé, 2014
- Rights:
- In Copyright
- Copyright Holder:
- Adam Doupé
File | Description |
---|---|
Access: Public access | |
Doup_ucsb_0035D_12207.pdf | pdf (Portable Document Format) |