Master of Technology, CS Indian Institute of Technology, Kanpur CPA: 7.71/10.0
Prithvi Bisht
1500 Harbour Dr, Unit 4D, Wheeling, Illinois
E-mail: pbisht@cs.uic.edu, bishtsp@yahoo.com
WWW: pbisht

Overview

Extensive experience spanning 10+ years of research and development: 6 years of intensive, cutting-edge computer security research that produced several novel ideas and prototype tools for finding and fixing security vulnerabilities, and 4+ years in the software industry contributing to in-market and future products of companies such as Intel.

I am interested in designing and developing innovative, pragmatic and effective solutions to computer security problems. My expertise is in language-based security, i.e., preventing, eliminating or detecting vulnerabilities through program analysis and program retrofitting.

My doctoral dissertation, "Improving Web Security by Automated Extraction of Web Application Intent", observed that the source code of a web application contains a wealth of information about its intended behavior. Attacks typically work by tricking the application into unintended behavior. The dissertation offers novel techniques that generate models of intended behavior through program analysis and then use those models either to prevent or eliminate attacks (by enforcing conformance to the model) or to find concrete attacks (by finding lapses in model enforcement).

Education

Doctor of Philosophy, CS, University of Illinois at Chicago. GPA: 4.0/4.0. Aug Aug 2011. Advisor: Prof. V.N. Venkatakrishnan.
Master of Technology, CS, Indian Institute of Technology, Kanpur. CPA: 7.71/10.0. Jul Feb 2002. Advisor: Prof. Rajat Moona.
Bachelor of Engineering, CS, G.B. Pant Engineering College. Percentage: 80% (honors). Jun Jun 2000.

Skills

Research: security analysis of systems and solutions, problem identification, theoretical analysis, solution development and concept prototyping, authoring academic literature and research proposals, collaboration, knowledge extraction and critical review of academic literature.
Software engineering: conception, design, implementation, optimization, debugging, documentation, support and growth of small to large, long-term software development projects.
Computer languages: C, Java, LaTeX, JavaScript, Perl, shell script, PHP, SQL.

Employment Experience

Postdoc Research Associate, Jul 2011 to Sep 2012
University of Illinois at Chicago, Department of Computer Science, Chicago, IL, USA
- Shaped ideas and spearheaded efforts on designing an effective solution for preventing parameter tampering exploits.
- Submitted a grant proposal to NSF for funding parameter tampering research.

Co-Founder and Partner, Apr 2012 to Sep 2012
Aegilys Inc., Chicago, USA
- Participated in the 7-week intensive National Science Foundation (NSF) I-Corps program to assess the business feasibility of research ideas.
- Developed a business model (Osterwalder canvas) with key components such as value propositions, key customers, channels and revenue streams, and refined it through customer interviews.
- Interviewed over 70 potential customers (CEOs, managers, developers), from Fortune 500 companies to small startups, to identify key customer needs in the application security domain.
- Spearheaded the writing and submission of an NSF Small Business Innovation Research (SBIR) grant.
Research Assistant, Jan 2007 to Jul 2011
University of Illinois at Chicago, Department of Computer Science, Chicago, IL, USA
- Studied security issues in web applications. Proposed solutions for mitigating top security threats, including SQL injection, cross-site scripting and cross-site request forgery.
- Proposed novel ways of finding high-impact vulnerabilities in commercial web applications (online banking and shopping).
- Published research papers in top-tier security conferences and participated in preparing grant proposals to NSF.
- Peer-reviewed academic conference papers and journal articles.
- Prototyped and evaluated several research ideas.

Doctoral Intern, May 2010 to Aug 2010
SRI International, Computer Science Lab, Menlo Park, CA, USA
- Analyzed malicious Flash applications and prepared a categorized knowledge base.
- Studied existing literature on security analysis of binary applications.
- Proposed a novel scheme to find and prevent zero-day attacks in binary applications.

Senior Software Developer, Jul 2003 to Jul 2006
Intel Corporation, Bangalore, India
- Designed and developed software for Intel concept platforms. Proposed novel ideas that showcased hardware strengths.
- Prototyped and prepared demos for higher management to obtain seed money for projects.
- Interfaced with Bluetooth stack vendors (Toshiba Japan, IVT China) as the sole technical contact.
- Published patentable ideas at

Senior Software Developer, Mar 2002 to Jul 2003
Novell Inc., Bangalore, India
- Developed software providing location-independent secure access to corporate information.

Teaching/Research Assistant, Jul 2000 to Feb 2002
Indian Institute of Technology Kanpur, Department of Computer Science, Kanpur, India
- Developed an architecture-independent disassembler.
- Studied hands-on security (buffer overflows, trojan horses, packet sniffers).
- Mentored tutorial sessions and graded assignments for the undergraduate class Introduction to Programming.

Publications

Refereed Conference Papers

1.
Don't Repeat Yourself: Automatically Synthesizing Client-side Validation Code for Web Applications (Demo Paper). Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, V.N. Venkatakrishnan, and Lenore Zuck. In WEBAPPS 12: Proceedings of the 3rd USENIX Conference on Web Application Development, Boston, MA, USA.
2. SWIPE: Eager Erasure of Sensitive Data in Large Scale Systems Software. Kalpana Gondi, Prithvi Bisht, A. Prasad Sistla and V.N. Venkatakrishnan. In CODASPY 12: Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, 2012. Acceptance rate = 21 / 113, 18%.
3. WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction. Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, and V.N. Venkatakrishnan. In CCS 11: Proceedings of the 18th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 2011. Acceptance rate = 60 / 429, 14%.
4. NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications. Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, Radoslaw Bobrowicz and V.N. Venkatakrishnan. In CCS 10: Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 2010. Acceptance rate = 55 / 320, 17%.
5. TAPS: Automatically Preparing Safe SQL Queries (Poster Paper). Prithvi Bisht, A. Prasad Sistla and V.N. Venkatakrishnan. In CCS 10: Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 2010. Acceptance rate = 44 / 69, 64%.
6. Automatically Preparing Safe SQL Queries. Prithvi Bisht, A. Prasad Sistla and V.N. Venkatakrishnan. In FC 10: Proceedings of the 14th International Conference on Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain, 2010. Acceptance rate = 19 / 130, 14.6%.
7. Strengthening XSRF Defenses for Legacy Web Applications Using White-box Analysis and Transformation. Michelle Zhou, Prithvi Bisht and V.N. Venkatakrishnan. In ICISS 10: Proceedings of the 6th International Conference on Information Systems Security, Gandhinagar, Gujarat, India, 2010. Acceptance rate = 14 / 51, 27%.
8. XSS-GUARD: Precise Dynamic Prevention of Cross-site Scripting Attacks. Prithvi Bisht and V.N. Venkatakrishnan. In DIMVA 08: Proceedings of the 5th Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Paris, France, 2008. Acceptance rate = 13 / 42, 31%.
9. CANDID: Preventing SQL Injection Attacks using Dynamic Candidate Evaluations. Sruthi Bandhakavi, Prithvi Bisht, P. Madhusudan and V.N. Venkatakrishnan. In CCS 07: Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, 2007. Acceptance rate = 55 / 302, 18%.

Refereed Journal Articles

10. CANDID: Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks. Prithvi Bisht, P. Madhusudan and V.N. Venkatakrishnan. ACM Trans. Inf. Syst. Secur., Volume 13, Number 2, 2010, New York, NY, USA.

Refereed Workshop Papers

11. Analysis of Hypertext Isolation Techniques for Cross-site Scripting Prevention. Mike Ter Louw, Prithvi Bisht and V.N. Venkatakrishnan. In 2nd Workshop in Web 2.0 Security and Privacy, Oakland, CA, USA. Acceptance rate = 14 / 45, 31%.

Invited Papers

12. WebAppArmor: A Framework for Preventing Web-based Attacks. V.N. Venkatakrishnan, Prithvi Bisht, Mike Ter Louw, Michelle Zhou, Kalpana Gondi and K. T. Ganesh. In ICISS 10: Proceedings of the 6th International Conference on Information Systems Security, Gandhinagar, Gujarat, India.

Book Chapters

13. Formal Methods in Web Application Security. Prithvi Bisht and V.N. Venkatakrishnan. To appear in Encyclopedia of Cryptography and Security, 2nd Ed., Springer (Editors: Henk C.A. van Tilborg and Sushil Jajodia).

Patents

14. Apparatus for Enhancing Web Application Security and Method Therefor. US Patent Number: , with V.N. Venkatakrishnan and A. Prasad Sistla.
15. Methods for Automatically Discovering Parameter Tampering Exploits in Web Applications. Provisional patent filed with the US Patent Office, with Nazari Skrupsky, Timothy Hinrichs, and V.N. Venkatakrishnan.
Under Submission

1. TamperProof: A Server-Agnostic Defense for Parameter Tampering Attacks on Web Applications. With Nazari Skrupsky, Timothy Hinrichs, Lenore Zuck and V.N. Venkatakrishnan.
2. WAVES: Automatic Synthesis of Client-side Validation Code for Web Applications. With Nazari Skrupsky, Maliheh Monshizadeh, Timothy Hinrichs, V.N. Venkatakrishnan, and Lenore Zuck.

Online Demos of Developed Software

1. TAPS online demo: demonstrates rewriting of SQL-injection-vulnerable code samples into equivalent safe code based on PREPARE statements (see publications [5, 6]). This tool entailed complex engineering to identify the vulnerable parts of the software, reproduce the safe equivalent code, and handle many features of the PHP language.
2. WAPTEC online demo: demonstrates rewriting of PHP programs to capture traces representing the statements executed in a specific run of the web application (see publication [3]). This tool entailed complex engineering to handle the challenges posed by PHP's weak typing (e.g., in propagating taint).
3. TamperProof online demo: demonstrates the effectiveness of TamperProof (a solution for preventing parameter tampering attacks, currently under submission). This tool entailed challenges in achieving acceptable performance for an online defense.
Professional Activities

Program Committee: International Conference on Information Systems Security (ICISS): 2012

Peer-reviewed research articles for:
- IEEE Security & Privacy (Oakland): 2010, 2011, 2012
- Network & Distributed Systems Security (NDSS): 2011
- ACM Computer & Communications Security (CCS): 2009
- Recent Advances in Intrusion Detection (RAID): 2008, 2010
- Annual Computer Security Applications Conference (ACSAC): 2008, 2009, 2010, 2011
- World Wide Web (WWW): 2012
- Computer Security Foundations Symposium (CSFW): 2009
- Journal of Computer Security (JCS): 2009
- IET Information Security Journal (ISJ): 2011
- Journal of Software Practice and Experience (JSPE): 2008
- Web 2.0 Security and Privacy (W2SP): 2011
- International Conference on Information Systems Security (ICISS): 2011

Volunteered services: contributed to summaries of paper presentations, poster sessions and work-in-progress talks for USENIX Security 2010, Washington, DC, USA and USENIX Security 2009, Montreal, Canada.

Local arrangements: ACM Computer and Communications Security (CCS): 2009, 2010, and International Conference on High Performance Computing (HiPC): 2006.

Presentations

WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction
- Paper presentation, CCS conference, Chicago, IL, USA,

Web Application Security: Trends and Mitigation through Source Code Analysis
- Dasient, Sunnyvale, USA, Mar 2011
- AT&T Security Research Center, New York, USA, Feb 2011
- SRI International, Computer Science Lab Seminar, Menlo Park, USA, Dec
NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications
- Poster presentation, Computer Security Awareness Week (CSAW), NY, USA, Oct 2010
- Paper presentation, CCS conference, Chicago, USA, Oct 2010
- Rump session presentation, USENIX Security Symposium, Washington, USA, Aug 2010

TAPS: Automatically Preparing Safe SQL Queries
- Paper presentation, FC conference, Tenerife, Spain, Jan 2010
- Poster presentation, CCS conference, Chicago, USA, Oct 2010

XSS-GUARD: Precise Dynamic Prevention of Cross-site Scripting Attacks
- Paper presentation, DIMVA conference, Paris, France, Jul 2008

CANDID: Preventing SQL Code Injection Attacks
- Work-in-progress presentation, USENIX Security Symposium, Boston, Aug 2007
- Poster presentation, Midwest Security Workshop, Chicago, Oct 2007

Honors and Distinctions

- The NoTamper project was among the 10 finalists in the NYU-Polytechnic Computer Security Awareness Week competition 2010 (open to all students in the continental USA).
- Research work featured in news (Oct 2010, Oct 2010, Oct 2009).
- Student travel grants: 16th, 18th and 19th USENIX Security Symposium (2007, 2009, 2010).
- All India Rank 52, Graduate Aptitude Test in Engineering, India, 2000 (99.06 percentile).

Security Relevant Coursework at UIC

Advanced Web and Electronic Voting Security; Codes & Cryptography; Formal Methods in Concurrent and Distributed Systems; Computer Systems Security; Secure Computer Systems; Network and Distributed Systems Security
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationCarl Burch. 1124 Clifton St mobile 501 499 9892 Conway AR 72034 3911. cburch@cburch.com http://www.cburch.com/ Education May 00
Carl Burch 1124 Clifton St mobile 501 499 9892 Conway AR 72034 3911 cburch@cburch.com http://www.cburch.com/ Education May 00 May 98 May 95 Teaching Fall 04 present Fall 00 Spring 04 Summers 97 02 Spring
More informationEmerging Tools & Trends in Hacking
Version 2007-09 See http://resources.mavensecurity.com for the most recent version Emerging Tools & Trends in Hacking Maven Security Consulting Inc. +1-877-MAVEN-HQ (+1-877-628-3647) www.mavensecurity.com
More informationNadine Nasser Donovan, Esq. (617) 791-4282 (cell) nadine@seak.com www.seak.com www.malpracticetestifyingtraining.com
Nadine Nasser Donovan, Esq. (617) 791-4282 (cell) nadine@seak.com www.seak.com www.malpracticetestifyingtraining.com CURRENT: SEAK, INC. Falmouth, MA Consultant/Trainer, August 2002-Present Trains experts
More informationJuan (Jenn) Du. Homepage: www4.ncsu.edu/ jdu/ Co-advisors: Dr. Xiaohui (Helen) Gu and Dr. Douglas Reeves
Juan (Jenn) Du CONTACT INFORMATION Juan (Jenn) Du Cell: (919) 645-7772 1015 Katie Ln E-mail: jdu.ncsu@gmail.com Cary, NC 27519 Homepage: www4.ncsu.edu/ jdu/ RESEARCH INTERESTS EDUCATION My general research
More informationTeaching and Related Experience
Emese Kennedy May 2015 (Expected) Dec. 2013 May 2010 2013 present 2013 present Education Ph.D. Candidate, Applied Mathematics, North Carolina State University, Advisor: Dr. Hien Tran Dissertation Title:
More informationProgram Logistics for: Cyber Security Defense Certificate
Program Logistics for: Cyber Security Defense Certificate Naval Postgraduate School Center for Information Systems Security Studies and Research (CISR) Monterey, CA 93943 cyber@nps.edu Overview This document
More informationIncident Response. Proactive Incident Management. Sean Curran Director
Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013
More informationCertification Report
Certification Report EAL 2+ Evaluation of Symantec Endpoint Protection Version 12.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and
More informationLoophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
More informationMohammad Arzaghi. (marzaghi@aus.edu / arzaghim@nber.org) http://www.nber.org/~arzaghim/
Mohammad Arzaghi (marzaghi@aus.edu / arzaghim@nber.org) http://www.nber.org/~arzaghim/ Office Address (UAE) American University of Sharjah Department of Economics Sharjah, P.O. Box 26666 UAE Tel: +971
More informationSecuring Network Software using Static Analysis
Securing Network Software using Static Analysis Lauri Kolmonen Helsinki University of Technology lauri.kolmonen@hut.fi Abstract Writing network software is not easy and developing secure network software
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationFor more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.
Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility
More informationOverview. Introduction. Conclusions WINE TRIAGE. Zero day analysis. Symantec Research Labs (SRL)
1 Overview Introduction WINE TRIAGE Zero day analysis Conclusions 2 5 locations: USA: Mountain View (CA), Culver City (CA), Herndon (VA) Europe: Dublin (IE), Sophia Antipolis(FR).. 4 thematic domains:
More informationUR Financials Project
UR Financials Project Demo Days February 2015 Agenda UR Financials Project Update January Close Progress Reporting Enhancements Training Update Workday Releases Communications Saving Filters Demonstration
More informationSoran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification
1. Module Title Information Security 2. Module Code: CS403INS 3. Module Level - Forth Stage 4. Module Leader Safwan M. 5. Teaching Semester 7 and 8 Soran University Faculty of Science and Engineering Computer
More informationEvaluation of Inquiries about the UIS Environmental Studies Online Master s Degree Program
Evaluation of Inquiries about the UIS Environmental Studies Online Master s Degree Program Lenore Killam Hung-Lung Wei Dennis R. Ruez, Jr. University of Illinois at Springfield Introduction The Department
More informationAccident & Emergency Department Clinical Quality Indicators
Overview This dashboard presents our performance in the new A&E clinical quality indicators. These 8 indicators will allow you to see the quality of care being delivered by our A&E department, and reflect
More informationProposal to Reduce Opening Hours at the Revenues & Benefits Coventry Call Centre
Proposal to Reduce Opening Hours at the Revenues & Benefits Coventry Call Centre Proposal To change the opening hours of the Revenues & Benefits Call Centre to 9am until 5pm Monday to Friday with effect
More informationThe Devils Behind Web Application Vulnerabilities
The Devils Behind Web Application Vulnerabilities Defending against Web Application Vulnerabilities IEEE Computer, February 2012 Nuno Antunes, Marco Vieira {nmsa, mvieira}@dei.uc.pt Postgrad Colloquium
More informationThe New PCI Requirement: Application Firewall vs. Code Review
The New PCI Requirement: Application Firewall vs. Code Review The Imperva SecureSphere Web Application Firewall meets the new PCI requirement for an application layer firewall. With the highest security
More information5/03/2014. EDUCATION 2005 Ph.D. in Computers and Information Systems
Hila Etzion Assistant Professor of Technology and Operations Stephen M. Ross School of Business University of Michigan 701 Tappan St. Ann Arbor, MI 48109-1234 (734)-358-1854 E-mail: etzionh@umich.edu EDUCATION
More informationAssociateship in Information Science
Develop- ment NISCAIR offers several HRD programmes to train and prepare professionals in the field of information, documentation and science communication. The training programmes conducted in the field
More informationCyberspace Security Issues and Challenges
Cyberspace Security Issues and Challenges Manu Malek, Ph.D. Department of Computer Science Stevens Institute of Technology mmalek@stevens.edu MSU Seminar, 10/06/03 M. Malek 1 Outline Security status Security
More informationContents The College of Information Science and Technology 2011-2012 Undergraduate Course Descriptions
Contents The College of Information Science and Technology 2011-2012 Undergraduate Course Descriptions Information Science & Systems Courses INFO 101 - Introduction to Information Technology Introduces
More informationFrontiers in Cyber Security: Beyond the OS
2013 DHS S&T/DoD ASD (R&E) CYBER SECURITY SBIR WORKSHOP Frontiers in Cyber Security: Beyond the OS Clear Hat Consulting, Inc. Sherri Sparks 7/23/13 Company Profile CHC was founded in 2007 by S. Sparks
More informationPaolo Maistri. September 8, 2008. Personal Information 2. Education and Studies 2. Academic Activities and Affiliations 3
CURRICULUM VITAE ET STUDIORUM Paolo Maistri September 8, 2008 TABLE OF CONTENTS Personal Information 2 Education and Studies 2 Academic Activities and Affiliations 3 Teaching Activities 4 Teaching Assistance......................................
More informationAnalysis of SQL injection prevention using a proxy server
Computer Science Honours 2005 Project Proposal Analysis of SQL injection prevention using a proxy server By David Rowe Supervisor: Barry Irwin Department of Computer
More informationTEACHING COMPUTER SECURITY TO UNDERGRADUATES A Hands-On Approach
TEACHING COMPUTER SECURITY TO UNDERGRADUATES A Hands-On Approach Rahul V. Tikekar Southern Oregon University Abstract: Increasing awareness of the vulnerabilities of computer systems has led to the introduction
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationOn the Design of a Web Browser: Lessons learned from Operating Systems
On the Design of a Web Browser: Lessons learned from Operating Systems Kapil Singh Wenke Lee College of Computing, Georgia Institute of Technology, Atlanta, USA E-mail: {ksingh, wenke}@cc.gatech.edu Abstract
More information