Title: Discovering Web Vulnerabilities at an Intermediate Language Level
Speaker: Paulo Antunes, LASIGE/DI-FCUL
Date: May 11, 2023, 12h
Where: Room 6.3.27
Abstract: Web applications are a prime target for malicious actors to obtain private user information, such as credit card numbers and other sensitive details. Over the years, the number of vulnerabilities and attacks has increased, demonstrating that current solutions have shortcomings. For example, they can be prone to error or require too much resources/time from developers (or security analysts) to deliver results. We present a new approach to detecting vulnerabilities in web applications written in PHP by analyzing their representation in an Intermediate Language (IL) and simulating the execution through a new data structure.