NDSS

Workshop on Measurements, Attacks and Defenses for the Web (MADWeb) 2019

Sunday February 24
  • 8:00 am - 7:00 pm
    Registration
    Kon Tiki Ballroom Foyer
  • 8:30 am - 8:40 am
    Welcome and Introductory Remarks
  • 8:40 am - 9:10 am
    Invited Talk 1
    Cockatoo
    • Abstract

      Cross-Site Scripting is a type of vulnerability which typically involves data flowing from an attacker-controllable source to a security-sensitive sink. In this talk, I will outline how we have used taint tracking to automatically find client-side XSS at a large scale. Moreover, apart from prevalence of this threat, I will outline how the general security landscape of the client-side Web has evolved and why vulnerabilities on the client are becoming more and more prevalent. Last but not least, I will report on our efforts to help developers remediate their issues, and finish with an outlook on what (I think) upcoming challenges for client-side security research might be.

    9:10 am - 10:00 am
    MADWeb 2019 Session 1
    Cockatoo
  • 10:00 am - 10:30 am
    Morning Workshop Break
    Entire Upstairs Foyer
  • 10:30 am - 11:30 am
    Panel: Browsers and Security
    Cockatoo
  • 11:30 am - 12:30 pm
    MADWeb 2019 Session 2
    Cockatoo
  • 12:30 pm - 1:30 pm
    Workshop Lunch
    Rousseau Center
  • 1:30 pm - 2:00 pm
    Invited Talk 2
    Cockatoo
    • Abstract

      Many web servers today face two types of clients: desktop web browsers and smartphone mobile apps. While analyzing the code (e.g., Javascript) running in a web browser can be used to identify the vulnerabilities of web servers, the analysis of mobile apps provides another rich avenue of studying the security of online web. In this talk, I will present a line of research of how to uncover various web server vulnerabilities through automated mobile app analysis. In particular, I will talk about AuthScope that identifies authorization vulnerabilities in web servers via differential analysis. Then, I will talk about LeakScope that identifies the data leakage vulnerabilities in the cloud from mobile apps. These mobile app centric analyses have identified thousands of vulnerabilities and responsible disclosures have all been made to the service providers. Finally, I will also discuss some future directions in this line of research.

    2:00 pm - 2:50 pm
    MADWeb 2019 Session 3
    Cockatoo
  • 2:50 pm - 3:30 pm
    Afternoon Workshop Break
    Entire Upstairs Foyer
  • 3:30 pm - 5:00 pm
    Brainstorming for research, collaborations and funding
    Cockatoo
  • 6:00 pm - 7:00 pm
    Welcome Reception
    Boardroom with Foyer