Zhiqiang Lin

Many web servers today face two types of clients: desktop web browsers and smartphone mobile apps. While analyzing the code (e.g., Javascript) running in a web browser can be used to identify the vulnerabilities of web servers, the analysis of mobile apps provides another rich avenue of studying the security of online web. In this talk, I will present a line of research of how to uncover various web server vulnerabilities through automated mobile app analysis. In particular, I will talk about AuthScope that identifies authorization vulnerabilities in web servers via differential analysis. Then, I will talk about LeakScope that identifies the data leakage vulnerabilities in the cloud from mobile apps. These mobile app centric analyses have identified thousands of vulnerabilities and responsible disclosures have all been made to the service providers. Finally, I will also discuss some future directions in this line of research.

View More Papers

Bridging the Privacy Gap: Enhanced User Consent Mechanisms on...

Carl Magnus Bruhner (Linkoping University), David Hasselquist (Linkoping University, Sectra Communications), Niklas Carlsson (Linkoping University)

Read More

What Storage? An Empirical Analysis of Web Storage in...

Zubair Ahmad (Università Ca’ Foscari Venezia), Samuele Casarin (Università Ca’ Foscari Venezia), and Stefano Calzavara (Università Ca’ Foscari Venezia)

Read More

An Analysis of First-Party Cookie Exfiltration due to CNAME...

Tongwei Ren (Worcester Polytechnic Institute), Alexander Wittmany (University of Kansas), Lorenzo De Carli (Worcester Polytechnic Institute), Drew Davidsony (University of Kansas)

Read More