Master of Technology, CS Indian Institute of Technology, Kanpur CPA: 7.71/10.0


Prithvi Bisht
1500 Harbour Dr, Unit 4D, Wheeling, Illinois
pbish cs.uic.edu, bishtsp yahoo.com
WWW: pbisht

Overview

Extensive experience spanning 10+ years of Research and Development activities: 6 years in intensive and cutting-edge computer security research that resulted in several innovative, novel ideas and prototype tools for finding and fixing security vulnerabilities, 4+ years in software industry that resulted in contributions to in-market as well as future products of companies such as Intel.

I am interested in designing and developing innovative, pragmatic and effective solutions to combat computer security issues. My expertise is in Language-based security solutions i.e., prevent / eliminate / detect vulnerabilities through program analysis and retrofitting.

My doctoral dissertation titled "Improving Web Security by Automated Extraction of Web Application Intent" observed that the source code of a web application contains a wealth of information about its intended behavior. Typically, attacks manifest by tricking applications to yield unintended behaviors. This dissertation offers novel techniques that generate models of intended behavior through program analysis and then use them to prevent / eliminate attacks (enforce conformance to the model) or to find concrete attacks (find lapses in model enforcement).

Education

Doctor of Philosophy, CS, University of Illinois at Chicago. GPA: 4.0/4.0. Aug Aug 2011.
Advisor: Prof. V.N. Venkatakrishnan

Master of Technology, CS, Indian Institute of Technology, Kanpur. CPA: 7.71/10.0. Jul Feb 2002.
Advisor: Prof. Rajat Moona

Bachelor of Engineering, CS, G.B. Pant Engineering College. Percentage: 80% (honors). Jun Jun 2000.

Skills

Research: Security analysis of systems/solutions, problem identification, theoretical analysis, solution development & concept prototyping, author academic literature & research proposals, collaboration, knowledge extraction & critical review of academic literature.

Software Engineering: Conception, design, implementation, optimization, debugging, documentation, support and growth of small to large, long-term software development projects.

Computer Languages: C, Java, LaTeX, JavaScript, Perl, Shell script, PHP, SQL

Employment Experience

Postdoc Research Associate, Jul 2011 - Sep 2012
University of Illinois at Chicago, Department of Computer Science, Chicago, IL, USA
Shaped ideas and spearheaded efforts on designing an effective solution for preventing parameter tampering exploits. Submitted a grant proposal to NSF for funding parameter tampering research.

Co-Founder and Partner, Apr 2012 - Sep 2012
Aegilys Inc., Chicago, USA
Participated in 7 Week intensive National Science Foundation (NSF) I-Corps program to assess business feasibility of ideas. Developed a business model (Osterwalder Canvas) with key components such as value propositions, key customers, channels, revenue streams, etc., and refined these with customer interviews. Interviewed over 70 potential customers (CEOs, Managers, Developers) ranging from Fortune-500 companies to small startups to identify key customer needs in the application security domain. Spearheaded efforts in writing and submitting an NSF Small Business Innovation Research (SBIR) grant.

Research Assistant, Jan 2007 - Jul 2011
University of Illinois at Chicago, Department of Computer Science, Chicago, IL, USA
Studied security issues in Web applications. Proposed solutions for mitigation of top security threats including SQL-injection, Cross-site scripting and Cross-site request forgery. Proposed novel ways of finding high impact vulnerabilities in commercial web applications (online banking / shopping). Published research papers in top tier security conferences and participated in preparation of grant proposals to NSF. Peer reviewed academic conference papers and journal articles. Prototyped and evaluated several research ideas.

Doctoral Intern, May 2010 - Aug 2010
SRI International, Computer Science Lab, Menlo Park, CA, USA
Analyzed malicious Flash applications and prepared a categorized knowledge base. Studied existing literature on security analysis of binary applications. Proposed a novel scheme to find and prevent Zero-day attacks in binary applications.

Senior Software Developer, Jul 2003 - Jul 2006
Intel Corporation, Bangalore, India
Designed and developed software for concept platforms of Intel. Proposed novel ideas that showcased hardware strength. Prototyped and prepared demos for higher management to get seed money for projects. Interfaced with Bluetooth stack vendors (Toshiba Japan, IVT China) as the sole technical contact. Published patentable ideas at

Senior Software Developer, Mar 2002 - Jul 2003
Novell Inc., Bangalore, India
Developed software to provide location independent secure access to the corporate information.

Teaching/Research Assistant, Jul 2000 - Feb 2002
Indian Institute of Technology Kanpur, Department of Computer Science, Kanpur, India
Developed an architecture-independent disassembler. Studied hands-on security (buffer overflows, trojan horses, packet sniffers). Mentored tutorial sessions and graded assignments for undergraduate class Introduction to Programming.

Publications

Refereed Conference Papers

1. Don't Repeat Yourself: Automatically Synthesizing Client-side Validation Code for Web Applications (Demo Paper). Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, V.N. Venkatakrishnan, and Lenore Zuck. In WEBAPPS '12: Proceedings of the 3rd Usenix Conference on Web Application Development, Boston, MA, USA,

2. SWIPE: Eager Erasure of Sensitive Data in Large Scale Systems Software. Kalpana Gondi, Prithvi Bisht, A. Prasad Sistla and V.N. Venkatakrishnan. In CODASPY '12: Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, 2012, Acceptance Rate = 21 / 113, 18%.

3. WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction. Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, and V.N. Venkatakrishnan. In CCS '11: Proceedings of the 18th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 2011, Acceptance Rate = 60 / 429, 14%.

4. NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications. Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, Radoslaw Bobrowicz and V.N. Venkatakrishnan. In CCS '10: Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 2010, Acceptance Rate = 55 / 320, 17%.

5. TAPS: Automatically Preparing Safe SQL Queries (Poster Paper). Prithvi Bisht, A. Prasad Sistla and V.N. Venkatakrishnan. In CCS '10: Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 2010, Acceptance Rate = 44 / 69, 64%.

6. Automatically Preparing Safe SQL Queries. Prithvi Bisht, A. Prasad Sistla and V.N. Venkatakrishnan. In FC '10: Proceedings of the 14th International Conference on Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain, 2010, Acceptance Rate = 19 / 130, 14.6%.

7. Strengthening XSRF Defenses for Legacy Web Applications Using White-box Analysis and Transformation. Michelle Zhou, Prithvi Bisht and V.N. Venkatakrishnan. In ICISS '10: Proceedings of the 6th International Conference on Information Systems Security, Gandhinagar, Gujarat, India, 2010, Acceptance Rate = 14 / 51, 27%.

8. XSS-GUARD: Precise Dynamic Prevention of Cross-site Scripting Attacks. Prithvi Bisht and V.N. Venkatakrishnan. In DIMVA '08: Proceedings of the 5th Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Paris, France, 2008, Acceptance Rate = 13 / 42, 31%.

9. CANDID: Preventing SQL Injection Attacks using Dynamic Candidate Evaluations. Sruthi Bandhakavi, Prithvi Bisht, P. Madhusudan and V.N. Venkatakrishnan. In CCS '07: Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, 2007, Acceptance Rate = 55 / 302, 18%.

Refereed Journal Articles

10. CANDID: Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks. Prithvi Bisht, P. Madhusudan and V.N. Venkatakrishnan. ACM Trans. Inf. Syst. Secur., Volume 13, Number 2, 2010, New York, NY, USA.

Refereed Workshop Papers

11. Analysis of Hypertext Isolation Techniques for Cross-site Scripting Prevention. Mike Ter Louw, Prithvi Bisht and V.N. Venkatakrishnan. In 2nd Workshop in Web 2.0 Security and Privacy, Oakland, CA, USA, Acceptance Rate = 14 / 45, 31%.

Invited Papers

12. WebAppArmor: A Framework for Preventing Web-based Attacks. V.N. Venkatakrishnan, Prithvi Bisht, Mike Ter Louw, Michelle Zhou, Kalpana Gondi and K. T. Ganesh. In ICISS '10: Proceedings of the 6th International Conference on Information Systems Security, Gandhinagar, Gujarat, India,

Book Chapters

13. Formal Methods in Web Application Security. Prithvi Bisht and V.N. Venkatakrishnan. To appear in Encyclopedia of Cryptography and Security, 2nd Ed., Springer, (Editors: Henk C.A. van Tilborg and Sushil Jajodia).

Patents

14. Apparatus for Enhancing Web Application Security and Method Therefor. US Patent Number: , with V.N. Venkatakrishnan and A. Prasad Sistla.

15. Methods for Automatically Discovering Parameter Tampering Exploits in Web Applications. Filed provisional patent to US Patent Office, with Nazari Skrupsky, Timothy Hinrichs, Nazari Skruspky, and V.N. Venkatakrishnan.

Under Submission

1. TamperProof: A Server-Agnostic Defense for Parameter Tampering Attacks on Web Applications. with Nazari Skrupsky, Timothy Hinrichs, Lenore Zuck and V.N. Venkatakrishnan.

2. WAVES: Automatic Synthesis of Client-side Validation Code for Web Applications. with Nazari Skrupsky, Maliheh Monshizadeh, Timothy Hinrichs, V.N. Venkatakrishnan, and Lenore Zuck.

Online Demos of Developed Software

1. TAPS Online Demo: Demonstrates re-writing of SQL injection vulnerable code samples to equivalent safe PREPARE statements based code (Refer to publications [5, 6]). This tool entailed complex engineering to build an understanding of vulnerable parts of the software, re-produce the safe equivalent code, and in handling many features of PHP language.

2. WAPTEC Online Demo: Demonstrates re-writing of PHP programs to capture traces that represent statements executed in a specific run of the web application (Refer to publication [3]). This tool entailed complex engineering to handle challenges posed by weak typing of PHP language (in propagating taint etc.).

3. TamperProof Online Demo: Demonstrates effectiveness of TamperProof (solution to prevent parameter tampering attacks currently under submission). This tool entailed challenges in achieving acceptable performance for an online defense.

Professional Activities

Program Committee:
International Conference on Information Systems Security (ICISS): 2012

Peer-reviewed research articles for:
IEEE Security & Privacy (Oakland): 2010, 2011, 2012
Network & Distributed Systems Security (NDSS): 2011
ACM Computer & Communications Security (CCS): 2009
Recent Advances in Intrusion Detection (RAID): 2008, 2010
Annual Computer Security Applications Conference (ACSAC): 2008, 2009, 2010, 2011
World Wide Web (WWW): 2012
Computer Security Foundations Symposium (CSFW): 2009
Journal of Computer Security (JCS): 2009
IET Information Security Journal (ISJ): 2011
Journal of Software Practice and Experience (JSPE): 2008
Web 2.0 Security and Privacy (W2SP): 2011
International Conference on Information Systems Security (ICISS): 2011

Volunteered services:
Contributed to summaries of paper presentations, poster sessions and work-in-progress talks for Usenix Security 2010, Washington, DC, USA and Usenix Security 2009, Montreal, Canada

Local Arrangements:
ACM Computer and Communications Security (CCS): 2009, 2010 and International Conference on High Performance Computing (HiPC): 2006

Presentations

WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction
Paper presentation, CCS conference, Chicago, IL, USA,

Web Application Security: Trends and Mitigation through Source Code Analysis.
Dasient, Sunnyvale, USA, Mar 2011
AT&T Security Research Center, New York, USA, Feb 2011
SRI International, Computer Science Lab Seminar, Menlo Park, USA, Dec

NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications
Poster presentation, Computer Security Awareness Week (CSAW), NY, USA, Oct 2010
Paper presentation, CCS Conference, Chicago, USA, Oct 2010
Rump session presentation, Usenix Security Symposium, Washington, USA, Aug 2010

Taps: Automatically Preparing Safe SQL Queries
Paper presentation, FC Conference, Tenerife, Spain, Jan 2010
Poster presentation, CCS Conference, Chicago, USA, Oct 2010

XSS-Guard: Precise Dynamic Prevention of Cross-site Scripting Attacks.
Paper presentation, DIMVA Conference, Paris, France, Jul 2008

Candid: Preventing SQL Code Injection Attacks
Work-in-progress presentation, Usenix Security Symposium, Boston, Aug 2007
Poster presentation, Midwest Security Workshop, Chicago, Oct 2007

Honors and Distinctions

NoTamper project was among the 10 finalists in NYU-Polytechnic Computer Security Awareness Week competition 2010 (open to all students in the Continental USA).
Research work featured in news Oct 2010: Oct 2010: Oct 2009:
Student travel grants: 16th, 18th and 19th Usenix Security Symposium (2007, 2009, 2010)
All India Rank 52, Graduate Aptitude Test of Engineering, India, 2000 (99.06 percentile).

Security Relevant Coursework at UIC

Advanced Web and Electronic Voting Security
Codes & Cryptography
Formal Methods in Concurrent and Distributed Systems
Computer Systems Security
Secure Computer Systems
Network and Distributed Systems Security

V.N. Venkat Venkatakrishnan

V.N. Venkat Venkatakrishnan V.N. Venkat Venkatakrishnan Vita CONTACT INFORMATION Department of Computer Science Voice : (312) 996-4860 University of Illinois at Chicago Fax : (312) 413-0024 Chicago, IL 60607 E-mail : venkat@cs.uic.edu

More information

Improving Web Security by. Automated Extraction of. Web Application Intent

Improving Web Security by. Automated Extraction of. Web Application Intent Improving Web Security by Automated Extraction of Web Application Intent BY PRITHVI PAL SINGH BISHT M.Tech., Indian Institute of Technology, Kanpur, India, 2002 B.E., Govind Ballabh Pant Engineering College,

More information

Deep Security/Intrusion Defense Firewall - IDS/IPS Coverage Statistics and Comparison

Deep Security/Intrusion Defense Firewall - IDS/IPS Coverage Statistics and Comparison Deep Security/Intrusion Defense Firewall - IDS/IPS Trend Micro, Incorporated A technical brief summarizing vulnerability coverage provided by Deep Security and Intrusion Defense Firewall. The document

More information

Deep Security Intrusion Detection & Prevention (IDS/IPS) Coverage Statistics and Comparison

Deep Security Intrusion Detection & Prevention (IDS/IPS) Coverage Statistics and Comparison Deep Security Intrusion Detection & Prevention (IDS/IPS) Trend Micro, Incorporated A technical brief summarizing vulnerability coverage provided by Deep Security. The document also outlines a comparison

More information

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 Product Support Matrix Following is the Product Support Matrix for the AT&T Global Network Client. See the AT&T Global Network

More information

XSS-GUARD : Precise Dynamic Prevention of Cross Site Scripting (XSS) Attacks

XSS-GUARD : Precise Dynamic Prevention of Cross Site Scripting (XSS) Attacks XSS-GUARD : Precise Dynamic Prevention of Cross Site Scripting (XSS) Attacks Prithvi Bisht (http://cs.uic.edu/~pbisht) Joint work with : V.N. Venkatakrishnan Systems and Internet Security Laboratory Department

More information

ADAM MACNEIL BATES. Areas of specialization. Current Academic Appointment. Education. Honors & Awards

ADAM MACNEIL BATES. Areas of specialization. Current Academic Appointment. Education. Honors & Awards ADAM MACNEIL BATES Ph.D. Candidate Office: E451 CSE Building Department of Computer & Information Sciences & Engineering Gainesville, FL 32653 University of Florida USA email: bates@cise.ufl.edu Phone:

More information

M.S. in Computer Science 2009-2011

M.S. in Computer Science 2009-2011 Karim O. Elish Assistant Professor Department of Computer Science Indiana University-Purdue University Fort Wayne, IN 46805 kelish@purdue.edu http://people.cs.vt.edu/~kelish/ RESEARCH INTERESTS Software

More information

A Novel Frame Work to Detect Malicious Attacks in Web Applications

A Novel Frame Work to Detect Malicious Attacks in Web Applications Technology, Volume-2, Issue-1, January-March, 2014, pp. 23-28, IASTER 2014, www.iaster.com, Online:2347-5099, Print:2348-0009 A Novel Frame Work to Detect Malicious Attacks in Web Applications N. Jayakanthan

More information

Jonathon T. Giffin. Research Interests. Education

Jonathon T. Giffin. Research Interests. Education Jonathon T. Giffin University of Wisconsin USA Office: +1 (608) 262-6625 Mobile: +1 (608) 772-3663 Fax: +1 (608) 262-9777 giffin@cs.wisc.edu http://www.cs.wisc.edu/~giffin/ Research Interests My primary

More information

Security of Web Applications and Browsers: Challenges and Solutions

Security of Web Applications and Browsers: Challenges and Solutions Security of Web Applications and Browsers: Challenges and Solutions A Tutorial Proposal for ACM SAC 2015 By Dr. Hossain Shahriar Department of Computer Science Kennesaw State University Kennesaw, GA 30144,

More information

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS* COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun

More information

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS* COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun

More information

Computer and Network Security

Computer and Network Security EECS 588 Computer and Network Security Introduction January 12, 2016 Alex Halderman Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components

More information

Case 2:08-cv-02463-ABC-E Document 1-4 Filed 04/15/2008 Page 1 of 138. Exhibit 8

Case 2:08-cv-02463-ABC-E Document 1-4 Filed 04/15/2008 Page 1 of 138. Exhibit 8 Case 2:08-cv-02463-ABC-E Document 1-4 Filed 04/15/2008 Page 1 of 138 Exhibit 8 Case 2:08-cv-02463-ABC-E Document 1-4 Filed 04/15/2008 Page 2 of 138 Domain Name: CELLULARVERISON.COM Updated Date: 12-dec-2007

More information

WAVES: Automatic Synthesis of Client-side Validation Code for Web Applications

WAVES: Automatic Synthesis of Client-side Validation Code for Web Applications WAVES: Automatic Synthesis of Client-side Validation Code for Web Applications Nazari Skrupsky nskroups@cs.uic.edu Maliheh Monshizadeh mmonsh2@uic.edu Prithvi Bisht pbisht@cs.uic.edu Timothy Hinrichs hinrichs@uic.edu

More information

FY 2015 Schedule at a Glance

FY 2015 Schedule at a Glance Coaching and Mentoring for Excellence Oct 21 23, 2014 $2,950 Residential Coaching and Mentoring for Excellence Apr 7 9, 2015 $2,400 Non-residential Coaching and Mentoring for Excellence May 27 29, 2015

More information

XIAOKUI SHU. PERSONAL INFORMATION 2202 Kraft Drive http://xshu.net Blacksburg, VA 24060

XIAOKUI SHU. PERSONAL INFORMATION 2202 Kraft Drive http://xshu.net Blacksburg, VA 24060 XIAOKUI SHU PERSONAL INFORMATION 2202 Kraft Drive http://xshu.net Blacksburg, VA 24060 subx@cs.vt.edu RESEARCH INTERESTS Anomaly detection in systems and networks e.g., program execution modeling, event

More information

Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance

Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Presentation for the Seventh European Academic Conference on Internal Audit

More information

Mihai Christodorescu

Mihai Christodorescu Mihai Christodorescu Department of Computer Sciences University of Wisconsin, Madison 1210 W. Dayton St. Madison, WI 53706, USA Voice: +1 608-695-6271 Fax: +1 608-262-9777 http://www.cs.wisc.edu/~mihai

More information

Deep Security Vulnerability Protection Summary

Deep Security Vulnerability Protection Summary Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security

More information

EECS 588: Computer and Network Security. Introduction January 14, 2014

EECS 588: Computer and Network Security. Introduction January 14, 2014 EECS 588: Computer and Network Security Introduction January 14, 2014 Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

Department of Information Systems and Cyber Security

Department of Information Systems and Cyber Security The University of Texas at San Antonio 1 Department of Information Systems and Cyber Security All graduate programs in Information Systems and Cyber Security are accredited by AACSB International The Association

More information

Cross Site Scripting Prevention

Cross Site Scripting Prevention Project Report CS 649 : Network Security Cross Site Scripting Prevention Under Guidance of Prof. Bernard Menezes Submitted By Neelamadhav (09305045) Raju Chinthala (09305056) Kiran Akipogu (09305074) Vijaya

More information

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications 1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won

More information

A Classification of SQL Injection Attack Techniques and Countermeasures

A Classification of SQL Injection Attack Techniques and Countermeasures A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond, Jeremy Viegas & Alessandro Orso Georgia Institute of Technology This work was partially supported by DHS contract

More information

Vendor Management - Why it s So Important. Employee Benefits Task Force July 27-30, 2014 Hyatt Regency, Newport RI

Vendor Management - Why it s So Important. Employee Benefits Task Force July 27-30, 2014 Hyatt Regency, Newport RI Vendor Management - Why it s So Important Employee Benefits Task Force July 27-30, 2014 Hyatt Regency, Newport RI MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2010 Wolf & Company,

More information

Detection and mitigation of Web Services Attacks using Markov Model

Detection and mitigation of Web Services Attacks using Markov Model Detection and mitigation of Web Services Attacks using Markov Model Vivek Relan RELAN1@UMBC.EDU Bhushan Sonawane BHUSHAN1@UMBC.EDU Department of Computer Science and Engineering, University of Maryland,

More information

WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction

WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction Prithvi Bisht University of Illinois Chicago, USA pbisht@cs.uic.edu Timothy Hinrichs University of Chicago Chicago,

More information

Enhanced Vessel Traffic Management System Booking Slots Available and Vessels Booked per Day From 12-JAN-2016 To 30-JUN-2017

Enhanced Vessel Traffic Management System Booking Slots Available and Vessels Booked per Day From 12-JAN-2016 To 30-JUN-2017 From -JAN- To -JUN- -JAN- VIRP Page Period Period Period -JAN- 8 -JAN- 8 9 -JAN- 8 8 -JAN- -JAN- -JAN- 8-JAN- 9-JAN- -JAN- -JAN- -JAN- -JAN- -JAN- -JAN- -JAN- -JAN- 8-JAN- 9-JAN- -JAN- -JAN- -FEB- : days

More information

Analysis One Code Desc. Transaction Amount. Fiscal Period

Analysis One Code Desc. Transaction Amount. Fiscal Period Analysis One Code Desc Transaction Amount Fiscal Period 57.63 Oct-12 12.13 Oct-12-38.90 Oct-12-773.00 Oct-12-800.00 Oct-12-187.00 Oct-12-82.00 Oct-12-82.00 Oct-12-110.00 Oct-12-1115.25 Oct-12-71.00 Oct-12-41.00

More information

IJMIE Volume 2, Issue 9 ISSN: 2249-0558

IJMIE Volume 2, Issue 9 ISSN: 2249-0558 Survey on Web Application Vulnerabilities Prevention Tools Student, Nilesh Khochare* Student,Satish Chalurkar* Professor, Dr.B.B.Meshram* Abstract There are many commercial software security assurance

More information

ADAM L. DOUPÉ. University of California, Santa Barbara. Advisor: Giovanni Vigna Topic: Black-Box Web Vulnerability Scanners

ADAM L. DOUPÉ. University of California, Santa Barbara. Advisor: Giovanni Vigna Topic: Black-Box Web Vulnerability Scanners ADAM L. DOUPÉ P.O. Box 878809 Tempe, AZ 85287-8809 doupe@asu.edu 480-727-5471 EDUCATION 2010 2014 PhD in Computer Science University of California, Santa Barbara Advisor: Giovanni Vigna and Christopher

More information

EECS 588: Computer and Network Security. Introduction

EECS 588: Computer and Network Security. Introduction EECS 588: Computer and Network Security Introduction January 13, 2014 Today s Cass Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

What Every (Software) Engineer Needs To Know About Security. -- and -- Where To Learn It

What Every (Software) Engineer Needs To Know About Security. -- and -- Where To Learn It What Every (Software) Engineer Needs To Know About Security -- and -- Where To Learn It Neil Daswani http://www.neildaswani.com http://www.learnsecurity.com Is the sky falling? (yet?) TJX (March 2007)

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

Threat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP

Threat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP Threat Modeling Categorizing the nature and severity of system vulnerabilities John B. Dickson, CISSP What is Threat Modeling? Structured approach to identifying, quantifying, and addressing threats. Threat

More information

Fengwei Zhang. Research Interest. Education. Employment History

Fengwei Zhang. Research Interest. Education. Employment History Fengwei Zhang Wayne State University 5057 Woodward Avenue, Suite 3010 Detroit, Michigan 48202 fengwei@wayne.edu http://fengwei.me Research Interest My primary research interests are in the areas of systems

More information

Wayne State University Phone: 313-282-1912 5057 Woodward Avenue, Suite 3010 www.linkedin.com/in/sharrukhzaman

Wayne State University Phone: 313-282-1912 5057 Woodward Avenue, Suite 3010 www.linkedin.com/in/sharrukhzaman Sharrukh Zaman Department of Computer Science E-mail: sharrukh@wayne.edu Phone: 313-282-1912 5057 Woodward Avenue, Suite 3010 www.linkedin.com/in/sharrukhzaman, 48202 www.cs.wayne.edu/sharrukh Education,

More information

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Adobe ColdFusion Secure Profile Web Application Penetration Test July 31, 2014 Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Chicago Dallas This document contains and constitutes the

More information

Towards Client-side HTML Security Policies

Towards Client-side HTML Security Policies Towards Client-side HTML Security Policies Joel Weinberger University of California, Berkeley Adam Barth Google Dawn Song University of California, Berkeley Abstract With the proliferation of content rich

More information

Current counter-measures and responses by CERTs

Current counter-measures and responses by CERTs Current counter-measures and responses by CERTs Jeong, Hyun Cheol hcjung@kisa.or.kr April. 2007 Contents I. Malware Trends in Korea II. Malware from compromised Web sites III. Case Study : Malware countermeasure

More information

90% of data breaches are caused by software vulnerabilities.

90% of data breaches are caused by software vulnerabilities. 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with

More information

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011 Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing

More information

Mohammad Arzaghi. (marzaghi@aus.edu) http://www.aus.edu/sbm/eco/people/arzaghi%20mohammad.php http://www.nber.org/~arzaghim/

Mohammad Arzaghi. (marzaghi@aus.edu) http://www.aus.edu/sbm/eco/people/arzaghi%20mohammad.php http://www.nber.org/~arzaghim/ Mohammad Arzaghi (marzaghi@aus.edu) http://www.aus.edu/sbm/eco/people/arzaghi%20mohammad.php http://www.nber.org/~arzaghim/ Office Address (UAE) American University of Sharjah Department of Economics Sharjah,

More information

JENS HENRIK EGGERT CHRISTENSEN RESEARCH ADVISOR, FINANCIAL RESEARCH FEDERAL RESERVE BANK OF SAN FRANCISCO 101 MARKET STREET, SAN FRANCISCO, CA 94105

JENS HENRIK EGGERT CHRISTENSEN RESEARCH ADVISOR, FINANCIAL RESEARCH FEDERAL RESERVE BANK OF SAN FRANCISCO 101 MARKET STREET, SAN FRANCISCO, CA 94105 JENS HENRIK EGGERT CHRISTENSEN RESEARCH ADVISOR, FINANCIAL RESEARCH FEDERAL RESERVE BANK OF SAN FRANCISCO 101 MARKET STREET, SAN FRANCISCO, CA 94105 JENS.CHRISTENSEN@SF.FRB.ORG 415.974.3115 US VISA STATUS:

More information

Centers of Academic Excellence in Cyber Security (CAE-C) Knowledge Units Review

Centers of Academic Excellence in Cyber Security (CAE-C) Knowledge Units Review Review Process The Knowledge Unit (KU) Review Calendar divides the entire CAE-C KU list into 12 months for the purposes of

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

CSCI 454/554 Computer and Network Security Instructor: Dr. Kun Sun About Instructor Dr. Kun Sun, Assistant Professor of Computer Science http://www.cs.wm.edu/~ksun/ Phone: (757) 221-3457 Email: ksun@wm.edu

Pentests more than just using the proper tools

Pentests more than just using the proper tools Agenda 1. Information Security @ TÜV Rheinland 2. Penetration testing Introduction Evaluation scheme Security Analyses of web applications Internal Security

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

Pentests more than just using the proper tools

Pentests more than just using the proper tools Agenda 1. Information Security @ TÜV Rheinland 2. Security testing 3. Penetration testing Introduction Evaluation scheme Security Analyses of web applications

DOMAIN EXPERTISE METHODOLOGY SKILLS

Xixi Li Assistant Professor Department of Management Science and Engineering Tsinghua University Beijing China 100086 EDUCATION Ph.D., Department of Management & Marketing, Faculty of Business Aug 2006

CompTIA Security+ (Exam SY0-410)

CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas

Software security specification and verification

Software security specification and verification Erik Poll Security of Systems (SoS) group Radboud University Nijmegen Software (in)security specification and verification/detection Erik Poll Security

BUGAT TROJAN JOINS THE MOBILE REVOLUTION

BUGAT TROJAN JOINS THE MOBILE REVOLUTION June 2013 RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat's developers managed to develop and deploy mobile malware designed to

Eun-Hye [Enki] Yoo. University at Buffalo Tel: (805) 259-7541 The State University of New York Fax: (972) 883-6297

Eun-Hye [Enki] Yoo University at Buffalo Tel: (805) 259-7541 The State University of New York Fax: (972) 883-6297 Department of Geography Email: eunhye@buffalo.edu Buffalo, N.Y. 14222 www page: http://www.geog.buffalo.edu/

Proposal to Reduce Opening Hours at the Revenues & Benefits Coventry Call Centre

Proposal to Reduce Opening Hours at the Revenues & Benefits Coventry Call Centre Proposal To change the opening hours of the Revenues & Benefits Call Centre to 9am until 5pm Monday to Friday with effect

FELLOWSHIPS, GRANTS, ACADEMIC AWARDS

ALMINAS ŽALDOKAS +852 9176 1249 HKUST, Clear Water Bay, Kowloon, Hong Kong alminas@ust.hk www.alminas.com ACADEMIC EMPLOYMENT Hong Kong University of Science and Technology 2012 Assistant Professor of

Curriculum Vitae Summary Employment University of Washington at Bothell Sept 2013 Present BBN Technologies June 2011 May 2013

Brent Lagesse, Ph.D. Computing and Software Systems Box 358534 18115 Campus Way NE Bothell, WA 98011-8246 425.352.5313 lagesse@uw.edu Summary Curriculum Vitae Employment I am a professor at the University

9700 South Cass Avenue, Lemont, IL 60439 URL: www.mcs.anl.gov/ fulin

Fu Lin Contact information Education Work experience Research interests Mathematics and Computer Science Division Phone: (630) 252-0973 Argonne National Laboratory E-mail: fulin@mcs.anl.gov 9700 South

Enterprise Application Security Workshop Series

Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group's Defending JAVA Applications workshop, participants

Certification Report

Certification Report EAL 2+ Evaluation of Symantec Endpoint Protection Version 12.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and

UR Financials Project

UR Financials Project Demo Days February 2015 Agenda UR Financials Project Update January Close Progress Reporting Enhancements Training Update Workday Releases Communications Saving Filters Demonstration

FORBIDDEN - Ethical Hacking Workshop Duration

Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once

Mikhail Kouliavtsev Faculty Vita (September 1, 2008 - August 31, 2013)

Mikhail Kouliavtsev Faculty Vita (September 1, 2008 - August 31, 2013) Department: Economics/Finance Rank: Associate Professor Qualification Status: AQ Tenure Status: Tenured EDUCATION PHD, 2003. Institution:

The Devils Behind Web Application Vulnerabilities

The Devils Behind Web Application Vulnerabilities Defending against Web Application Vulnerabilities IEEE Computer, February 2012 Nuno Antunes, Marco Vieira {nmsa, mvieira}@dei.uc.pt Postgrad Colloquium

Hunting Cross-Site Scripting Attacks in the Network

Hunting Cross-Site Scripting Attacks in the Network Elias Athanasopoulos, Antonis Krithinakis, and Evangelos P. Markatos Institute of Computer Science Foundation for Research and Technology - Hellas N.

Contents The College of Information Science and Technology 2011-2012 Undergraduate Course Descriptions

Contents The College of Information Science and Technology 2011-2012 Undergraduate Course Descriptions Information Science & Systems Courses INFO 101 - Introduction to Information Technology Introduces

Rational AppScan & Ounce Products

IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

Nadine Nasser Donovan, Esq. (617) 791-4282 (cell) nadine@seak.com www.seak.com www.malpracticetestifyingtraining.com

Nadine Nasser Donovan, Esq. (617) 791-4282 (cell) nadine@seak.com www.seak.com www.malpracticetestifyingtraining.com CURRENT: SEAK, INC. Falmouth, MA Consultant/Trainer, August 2002-Present Trains experts

Hardware Enabled Zero Day Protection

Hardware Enabled Zero Day Protection Cyber Security Division 2012 Principal Investigators Meeting October 11, 2012 Paul A. Rivera President/CEO Def-Logix, Inc. Email: privera@def-logix.com Phone: 210-478-1369

QRCloud: Android Vulnerability Query and Push Services Based on QR Code in Cloud Computing

Journal of Computational Information Systems 11: 11 (2015) 3875 3881 Available at http://www.jofcis.com QRCloud: Android Vulnerability Query and Push Services Based on QR Code in Cloud Computing Jingzheng

Frontiers in Cyber Security: Beyond the OS

2013 DHS S&T/DoD ASD (R&E) CYBER SECURITY SBIR WORKSHOP Frontiers in Cyber Security: Beyond the OS Clear Hat Consulting, Inc. Sherri Sparks 7/23/13 Company Profile CHC was founded in 2007 by S. Sparks

Carl Burch. 1124 Clifton St mobile 501 499 9892 Conway AR 72034 3911. cburch@cburch.com http://www.cburch.com/ Education May 00

Carl Burch 1124 Clifton St mobile 501 499 9892 Conway AR 72034 3911 cburch@cburch.com http://www.cburch.com/ Education May 00 May 98 May 95 Teaching Fall 04 present Fall 00 Spring 04 Summers 97 02 Spring

OS KERNEL MALWARE DETECTION USING KERNEL CRIME DATA MINING

OS KERNEL MALWARE DETECTION USING KERNEL CRIME DATA MINING MONISHA.T #1 and Mrs.UMA.S *2 # ME,PG Scholar,Department of CSE, SKR Engineering College,Poonamallee,Chennai,TamilNadu * ME,Assist.professor,

Potential Thesis Topics in Networking

Geoff Xie 1 Potential Thesis Topics in Networking Prof. Geoffrey Xie xie@cs.nps.navy.mil, SP 544C April 2002 http://www.saamnet.org 1 What my Research Projects Offer Total learning experience for you You

Cyberspace Security Issues and Challenges

Cyberspace Security Issues and Challenges Manu Malek, Ph.D. Department of Computer Science Stevens Institute of Technology mmalek@stevens.edu MSU Seminar, 10/06/03 M. Malek 1 Outline Security status Security

Emerging Tools & Trends in Hacking

Version 2007-09 See http://resources.mavensecurity.com for the most recent version Emerging Tools & Trends in Hacking Maven Security Consulting Inc. +1-877-MAVEN-HQ (+1-877-628-3647) www.mavensecurity.com

E-Guide. Sponsored By:

E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

TAO LI. Assistant Professor, Department of Operations Management and Information Systems

Education TAO LI Assistant Professor Department of Operations Management and Information Systems Leavey School of Business, Santa Clara University 500 El Camino Real, Santa Clara, CA 95053 Phone: (408)

On the Design of a Web Browser: Lessons learned from Operating Systems

On the Design of a Web Browser: Lessons learned from Operating Systems Kapil Singh Wenke Lee College of Computing, Georgia Institute of Technology, Atlanta, USA E-mail: {ksingh, wenke}@cc.gatech.edu Abstract

Program Logistics for: Cyber Security Defense Certificate

Program Logistics for: Cyber Security Defense Certificate Naval Postgraduate School Center for Information Systems Security Studies and Research (CISR) Monterey, CA 93943 cyber@nps.edu Overview This document

Teaching and Related Experience

Emese Kennedy May 2015 (Expected) Dec. 2013 May 2010 2013 present 2013 present Education Ph.D. Candidate, Applied Mathematics, North Carolina State University, Advisor: Dr. Hien Tran Dissertation Title:

Juan (Jenn) Du. Homepage: www4.ncsu.edu/ jdu/ Co-advisors: Dr. Xiaohui (Helen) Gu and Dr. Douglas Reeves

Juan (Jenn) Du CONTACT INFORMATION Juan (Jenn) Du Cell: (919) 645-7772 1015 Katie Ln E-mail: jdu.ncsu@gmail.com Cary, NC 27519 Homepage: www4.ncsu.edu/ jdu/ RESEARCH INTERESTS EDUCATION My general research

Incident Response. Proactive Incident Management. Sean Curran Director

Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project

WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure

IBM Protocol Analysis Module

IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network

Mohammad Arzaghi. (marzaghi@aus.edu / arzaghim@nber.org) http://www.nber.org/~arzaghim/

Mohammad Arzaghi (marzaghi@aus.edu / arzaghim@nber.org) http://www.nber.org/~arzaghim/ Office Address (UAE) American University of Sharjah Department of Economics Sharjah, P.O. Box 26666 UAE Tel: +971

Loophole+ with Ethical Hacking and Penetration Testing

Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,

Overview. Introduction. Conclusions WINE TRIAGE. Zero day analysis. Symantec Research Labs (SRL)

1 Overview Introduction WINE TRIAGE Zero day analysis Conclusions 2 5 locations: USA: Mountain View (CA), Culver City (CA), Herndon (VA) Europe: Dublin (IE), Sophia Antipolis(FR).. 4 thematic domains:

Prevent Cross-site Request Forgery: PCRF

Prevent Cross-site Request Forgery: PCRF Sooel Son University of Texas, Austin samuel@cs.utexas.edu Abstract CSRF attacks are one of the most prevalent and dangerous web threats at the level of XSS, SQL

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.

Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

1. Module Title Information Security 2. Module Code: CS403INS 3. Module Level - Forth Stage 4. Module Leader Safwan M. 5. Teaching Semester 7 and 8 Soran University Faculty of Science and Engineering Computer

Curriculum Vitae. Zhenchang Xing

Curriculum Vitae Zhenchang Xing Computing Science Department University of Alberta, Edmonton, Alberta T6G 2E8 Phone: (780) 433 0808 E-mail: xing@cs.ualberta.ca http://www.cs.ualberta.ca/~xing EDUCATION

Securing Network Software using Static Analysis

Securing Network Software using Static Analysis Lauri Kolmonen Helsinki University of Technology lauri.kolmonen@hut.fi Abstract Writing network software is not easy and developing secure network software

The New PCI Requirement: Application Firewall vs. Code Review

The New PCI Requirement: Application Firewall vs. Code Review The Imperva SecureSphere Web Application Firewall meets the new PCI requirement for an application layer firewall. With the highest security

What is Web Security? Motivation

brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

Accident & Emergency Department Clinical Quality Indicators

Overview This dashboard presents our performance in the new A&E clinical quality indicators. These 8 indicators will allow you to see the quality of care being delivered by our A&E department, and reflect