Program Analysis for Web Application Security

Author : cheryl-pisano | Published Date : 2016-05-10

Presented by Justin Samuel For UW CSE 504 Spring 10 Instructor Ben Livshits Finding Security Vulnerabilities in Java Applications with Static Analysis V Benjamin


Program Analysis for Web Application Security: Transcript


Presented by Justin Samuel for UW CSE 504, Spring 10. Instructor: Ben Livshits. Finding Security Vulnerabilities in Java Applications with Static Analysis, V. Benjamin Livshits and Monica S. Lam.
