March 11, 2013: ESP-IGERT Colloquia - Maliheh Monshizadeh: "Input Validation Vulnerabilities in Web Applications and Countermeasures"

Maliheh Monshizadeh
Monday, March 11, 2013
2:00 p.m., 1000 SEO Building


Abstract:
In the current practice of web application development, the client and server components are usually written independently, in distinct programming languages and development platforms. This process is known to be prone to errors when the client and server share application logic. When the client and server are out of sync, an "impedance mismatch" occurs, often leading to software vulnerabilities exploited by attacks such as parameter tampering.

We are concerned with a specific kind of application logic: the input validation logic. Examples of input validation include input character validation ("username does not contain special characters"), required fields ("phone number is required") and logical checks ("credit card expiry date in past").

In this talk, I will discuss input validation vulnerabilities and the related attacks (the parameter tampering attack in particular) and the challenges involved in code analysis and synthesis, and will then introduce some of the proposed techniques.

Brief Bio:

Maliheh Monshizadeh is a PhD student in the Department of Computer Science at UIC and an ESP-IGERT Associate. She works as a research assistant in the SISL Lab under the supervision of Professor Venkatakrishnan. Her main interests lie in Web Security and code analysis. Maliheh got her master's degree in Information Technology (with a focus on Computer Networks) from Sharif University of Technology in Tehran, Iran and her Bachelor's degree in Software Engineering from Shahid Beheshti University, Tehran, Iran.











































 