Detection of web application vulnerabilities using sequence models

When: Thursday, 2014-Dec-04, 11h30-12h00
Where: FCUL-DI, room C6.3.05
Presenter: Ibéria Medeiros

Abstract: In this smalltalk, I will present a new static analysis method to detect web application vulnerabilities, as well the DEKANT mechanism that implements that method. Inspired in natural language processing (NLP), I use a sequence model — a Hidden Markov Model – to learn to characterize vulnerabilities based on a set of source code slices with its elements annotated as vulnerable or not. This knowledge takes into consideration the order in which the code elements appear in the slices, relating them. My goal is to collect opinions about the method and cases not covered by it to improve this work.

This entry was posted in Smalltalk. Bookmark the permalink.

Comments are closed.