eScholarship
Open Access Publications from the University of California

Advanced Automated Web Application Vulnerability Analysis

  • Author(s): Doupé, Adam
  • Advisor(s): Vigna, Giovanni
  • et al.
Abstract

Web applications are an integral part of our lives and culture. We use web applications to manage our bank accounts, interact with friends, and file our taxes. A single vulnerability in one of these web applications could allow a malicious hacker to steal your money, to impersonate you on Facebook, or to access sensitive information, such as tax returns. It is vital that we develop new approaches to discover and fix these vulnerabilities before the cybercriminals exploit them.

In this dissertation, I will present my research on securing the web against current threats and future threats. First, I will discuss my work on improving black-box vulnerability scanners, which are tools that can automatically discover vulnerabilities in web applications. Then, I will describe a new type of web application vulnerability: Execution After Redirect, or EAR, and an approach to automatically detect EARs in web applications. Finally, I will present deDacota, a first step in the direction of making web applications secure by construction.
