Monthly Archives: December 2010
Update on PAPAS and HTTP Parameter Pollution [Part 1]
My first post on HTTP Parameter Pollution has been read by more than 1,500 people, and several other security portals have blogged about it (e.g., Security-Shell, PenTestIT, Dark Reading, ToolsWatch, Packet Storm and Security Focus). So far, PAPAS, our online HPP …
G-Free: Defeating Return-Oriented Programming and ACSAC 2010
After an adrenaline-inducing trip involving an aircraft breakdown and heavy snow, I am back from Austin, TX, where I attended ACSAC ’10 together with Davide. Austin is promoted as “The Live Music Capital of the World”, and it shows: …
Posted in Conferences, Systems Security
Tagged 2010, acsac, conference, return oriented programming, rop, talk
The Evolution of Input Validation Vulnerabilities in Web Applications
Today, we finalized the camera-ready version of our paper that we will present in the upcoming Financial Cryptography and Data Security ’11 conference to be held at St. Lucia. In the paper entitled “Quo Vadis? A Study of the Evolution …
BADGERS 2011 Call for Papers
In April, I am co-chairing a new workshop called BADGERS (Building Analysis Datasets and Gathering Experience Returns for Security) with Thorsten. The BADGERS workshop is intended to encourage the development of large-scale security-related data collection and analysis initiatives. It will …
Posted in Call For Papers, General
HTTP Parameter Pollution. So how many flawed applications exist out there?! We go online with a new service.
In this post, I’d like to give a brief overview of our upcoming paper on detecting HPP problems in web applications. The idea is to save readers from the effort of going through the entire paper. Typically, web applications are …
OWASP BeNeLux 2010
I just got back from Holland, where I was invited to participate in the annual OWASP BeNeLux conference with a talk on Clickjacking. For the second year, the OWASP chapters of Holland, Belgium and Luxembourg co-organized an event with the …
EXPOSURE, a new upcoming service for finding malicious domains using passive DNS analysis
One of the papers we will be presenting in the upcoming NDSS 2011 conference in San Diego will be Leyla’s work on detecting malicious DNS domains using large-scale passive DNS analysis. We have used EXPOSURE in practice to automatically detect …
LEET 11 and Eurosec 11 workshops
I am involved in two interesting workshops next year: LEET and Eurosec. Both events are partially organized by iSecLab members. I am chairing Eurosec and Chris is chairing LEET. Both workshops usually have interesting programs, and I would encourage the submission …
Posted in Call For Papers, General
Detecting Privacy Leaks in iPhone Applications
In the upcoming NDSS 2011 conference in San Diego, one of the papers our team will be presenting is Manuel’s work on detecting privacy leaks in iPhone applications. The sales of smartphones have exploded recently — especially because of mobile phone …
Posted in Binary Analysis, General, Privacy
NATO RTO’091
Last week, I participated in the two-day NATO RTO symposium on Information Assurance and Cyber Defence in Tallinn, the capital of Estonia. Originally to be held in Antalya, Turkey, in April, the event was canceled due to the ash crisis in …
Posted in Web Security