Our objective in web security is to move enterprise practice from black-box to white-box analysis. In this paper, we explain how our approaches achieve this goal in terms of static and dynamic analysis. To better explain the framework and roadmap of the analysis work, we describe our approaches from a macro view and a micro view separately. On this foundation, we explore dynamic analysis in string validation and node tracking, and use the micro and macro views to architect comprehensive approaches. The micro view concerns the mechanism inside a node, so event triggers and string validation both fall under its coverage. The macro view concerns node tracking, which is investigated through pattern benchmarking. Our evaluation reflects that ...
The paper proposes a framework for dynamic service-oriented IT systems security. We review the conte...
In the last few years, the discovery of World Wide Web (WWW) has grown very much. Today, WWW applica...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
The usage of WebAssembly (Wasm) is not only increasing in the web browser, but also as a backend tec...
The design of the techniques and algorithms used by the static, dynamic and interactive security tes...
As the number of web applications and the corresponding number and sophistication of the threats inc...
This document presents an excerpt from the research results that I have obtained since I received a ...
Software Hardening against memory safety exploits can be achieved from the sil...
Increasingly, web applications handle sensitive data and interface with critical back-end components...
The Web poses novel and interesting problems for both programming language design and verification—a...
The problem of supporting the secure execution of potentially malicious third-party applications has...
The attack surface of a system represents the exposure of application objects to attackers and is af...
The effectiveness of the widely adopted static analysis tools is often limited by JavaScript’s dynam...
With the increase of global accessibility of web applications, maintaining a reasonable security lev...
Static analysis tools come in many forms and configurations, allowing them to handle various tasks i...