Team for Research in
Ubiquitous Secure Technology

Static and Runtime Solution for Web Application Vulnerabilities
Benjamin Livshits, Michael Martin, Monica Lam

Citation
Benjamin Livshits, Michael Martin, Monica Lam. "Static and Runtime Solution for Web Application Vulnerabilities". Talk or presentation, 27, April, 2006; Poster given at Trust NSF Site Visit.

Abstract
Web application vulnerabilities such as SQL injection and cross-site scripting have dominated vulnerability reports in the last 12-18 months, far outnumbering buffer overruns and other more familiar vulnerabilities. We present a hybrid static and runtime approach to addressing these problems. The static analyzer is based on state-of-the-art pointer analysis technology and is designed to find vulnerabilities before the application is deployed. For existing applications, a dynamic instrumentation approach is used to protect the application together with potentially sensitive data contained in it, letting the application continue running smoothly.

Citation formats  
  • HTML
    Benjamin Livshits, Michael Martin, Monica Lam. <a
    href="http://www.truststc.org/pubs/82.html"
    ><i>Static and Runtime Solution for Web Application
    Vulnerabilities</i></a>, Talk or presentation, 
    27, April, 2006; Poster given at Trust NSF Site Visit.
  • Plain text
    Benjamin Livshits, Michael Martin, Monica Lam. "Static
    and Runtime Solution for Web Application
    Vulnerabilities". Talk or presentation,  27, April,
    2006; Poster given at Trust NSF Site Visit.
  • BibTeX
    @presentation{LivshitsMartinLam06_StaticRuntimeSolutionForWebApplicationVulnerabilities,
        author = {Benjamin Livshits and Michael Martin and Monica Lam},
        title = {Static and Runtime Solution for Web Application
                  Vulnerabilities},
        day = {27},
        month = {April},
        year = {2006},
        note = {Poster given at Trust NSF Site Visit.},
        abstract = {Web application vulnerabilities such as SQL
                  injections, cross-site scripting attacks, etc.
                  have been dominating vulnerability reports in the
                  last 12-18 months, far outnumbering buffer
                  overruns and other more familiar vulnerabilities.
                  We present a hybrid static and runtime approach to
                  addressing these problems. The static analyzer is
                  based on state-of-the-art pointer analysis
                  technology and is designed to find vulnerabilities
                  before the application is deployed. For existing
                  applications, a dynamic instrumentation approach
                  is used to protect the application together with
                  potentially sensitive data contained in it,
                  letting the application continue running
                  smoothly.},
        URL = {http://www.truststc.org/pubs/82.html}
    }
    

Posted by Christopher Brooks on 4 May 2006.
Groups: trust