Campus Event Calendar
Event Entry
What and Who
Taming the Malicious Web: Avoiding and Detecting Web-based Attacks
Marco Cova
University of California, Santa Barbara
SWS Colloquium
SWS, RG1
AG Audience
English
Note: We use this to send email in the morning.
Date, Time and Location
Monday, 29 March 2010
11:00
90 Minutes
E1 5
5th floor
Saarbrücken
Abstract
The world wide web is an essential part of our infrastructure and a
predominant mean for people to interact, do business, and participate to
democratic processes.
Unfortunately, in recent years, the web has also become a more
dangerous place. In fact, web-based attacks are now a prevalent and serious
threat. These attacks target both web applications, which store sensitive
data (such as financial and personal records) and are trusted by large user
bases, and web clients, which, after a compromise, can be mined for private
data or used as drones of a botnet.
In this talk, we will present an overview of our techniques to detect,
analyze, and mitigate malicious activity on the web.
In particular, I will present a system, called Wepawet, which targets the
problem of detecting web pages that launch drive-by-download attacks
against their visitors. Wepawet visits web pages with an instrumented
browser and records events that occur during the interpretation of their
HTML and JavaScript code. This observed activity is analyzed using anomaly
detection techniques to classify web pages as benign or malicious. We made
our tool available as an online service, which is currently used by several
thousands of users every month.
We will also discuss techniques to automatically detect vulnerabilities and
attacks against web applications. In particular, we will focus on static
analysis techniques to identify ineffective sanitization routines and to
detect vulnerabilities stemming from the interaction of multiple modules of
a web application. These techniques found tens of vulnerabilities in
several real-world web applications.
predominant mean for people to interact, do business, and participate to
democratic processes.
Unfortunately, in recent years, the web has also become a more
dangerous place. In fact, web-based attacks are now a prevalent and serious
threat. These attacks target both web applications, which store sensitive
data (such as financial and personal records) and are trusted by large user
bases, and web clients, which, after a compromise, can be mined for private
data or used as drones of a botnet.
In this talk, we will present an overview of our techniques to detect,
analyze, and mitigate malicious activity on the web.
In particular, I will present a system, called Wepawet, which targets the
problem of detecting web pages that launch drive-by-download attacks
against their visitors. Wepawet visits web pages with an instrumented
browser and records events that occur during the interpretation of their
HTML and JavaScript code. This observed activity is analyzed using anomaly
detection techniques to classify web pages as benign or malicious. We made
our tool available as an online service, which is currently used by several
thousands of users every month.
We will also discuss techniques to automatically detect vulnerabilities and
attacks against web applications. In particular, we will focus on static
analysis techniques to identify ineffective sanitization routines and to
detect vulnerabilities stemming from the interaction of multiple modules of
a web application. These techniques found tens of vulnerabilities in
several real-world web applications.
Contact
Claudia Richter
9325 688
--email hidden
Video Broadcast
Yes
Kaiserslautern
G26
206
passcode not visible
logged in users only
Claudia Richter, 03/16/2010 13:32 -- Created document.