The University of Arizona

Colloquium

Category: Lecture
Date: Tuesday, February 25, 2014
Time: 11:00 am
Concludes: 12:15 pm
Location: Gould-Simpson 906
Details: Please join us for coffee and light refreshments at 10:45 am in the 9th Floor Atrium.

Faculty Host: John Hartman
Speaker: Adam Doupe
Title: PhD Candidate
Affiliation: Computer Science, University of California - Santa Barbara

Automated Approaches for Security Testing of Web Applications: Bug Finding in the Ever-Changing Web

Web applications are an integral part of our lives and culture. We use web applications to manage our bank accounts, interact with friends, and file our taxes. A single vulnerability in one of these web applications could allow a malicious hacker to steal your money, to impersonate you on Facebook, or to access sensitive information, such as tax returns. It is vital that we develop new approaches to discover and fix these vulnerabilities before the cybercriminals do.

In this talk, I will present my research on securing the web against current threats and future threats. First, I will discuss my work on improving black-box vulnerability scanners, which are tools that can automatically discover vulnerabilities in web applications. Then, I will describe a new type of web application vulnerability: Execution After Redirect, or EAR, and an approach to automatically detect EARs in web applications. These examples show that, in order to secure web applications, we must develop novel approaches to combat current threats while also keeping our focus on developing web applications that are secure by design.

Biography

Adam Doupe is a PhD student in Computer Science at UC Santa Barbara. His main research interests are at the intersection of computer security and program analysis, and he is also interested in situational awareness, educational hacking competitions, and excellent scientific writing.