A Scalable and Accurate Hybrid Vulnerability Analysis Framework

Date: 01/09/2014 to 14/04/2018

As the Internet has become an integral part of our everyday life for activities such as e-mail, online banking, shopping, and entertainment, vulnerabilities in Web software arguably have greater impact than vulnerabilities in other types of software. Vulnerabilities in Web applications may lead to serious issues such as disclosure of confidential data, integrity violation, denial of service, loss of commercial confidence and customer trust, and threats to the continuity of business operations. For companies, these issues can result in significant financial losses. The most common and serious threats for Web applications include injection vulnerabilities, where malicious input can be “injected” into the program to alter its intended behavior or that of another system. These vulnerabilities can cause serious damage to a system and its users. For example, an attacker could compromise the systems underlying the application or gain access to a database containing sensitive information.

The goal of this thesis is to provide a scalable approach, based on symbolic execution and constraint solving, which aims to effectively find injection vulnerabilities in the server-side code of Java Web applications and which generates no or few false alarms, minimizes false negatives, overcomes the path explosion problem and enables the solving of complex constraints.

Week: Monday, 12 November, 2018
