Title: Discovering, Exploiting and Fixing Web Vulnerabilities at an Intermediate Language Level
Speaker: Paulo Antunes, LASIGE/DI-FCUL
Date: May 12, 12h
Where: Room 6.3.27
Abstract: Web applications provide essential services to millions of users on a daily basis. However, the potential existence of web vulnerabilities can put these services and its users at risk. To mitigate this issue, we propose an approach that performs an analysis of the application by leveraging its intermediate language. By utilizing this lower level language and simulating its execution it becomes possible to avoid common approximations performed by other analysis tools. The objective is to detect the vulnerability and provide a proof-of-concept exploit along with automatically producing a patched version of the application.