Search Icon
Register

Identifying Web Server Vulnerabilities Through Mobile App Centric Analysis

Zhiqiang Lin

Many web servers today face two types of clients: desktop web browsers and smartphone mobile apps. While analyzing the code (e.g., Javascript) running in a web browser can be used to identify the vulnerabilities of web servers, the analysis of mobile apps provides another rich avenue of studying the security of online web. In this talk, I will present a line of research of how to uncover various web server vulnerabilities through automated mobile app analysis. In particular, I will talk about AuthScope that identifies authorization vulnerabilities in web servers via differential analysis. Then, I will talk about LeakScope that identifies the data leakage vulnerabilities in the cloud from mobile apps. These mobile app centric analyses have identified thousands of vulnerabilities and responsible disclosures have all been made to the service providers. Finally, I will also discuss some future directions in this line of research.

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 40 ) ) ) [post__not_in] => Array ( [0] => 4805 ) )

Log4shell: Redefining the Web Attack Surface

Douglas Everson (Clemson University), Long Cheng (Clemson University), and Zhenkai Zhang (Clemson University)

Read More

DorkPot: A Honeypot-based Analysis of Google Dorks

Florian Quinkert, Eduard Leonhardt, Thorsten Holz

Read More

What the Fork? Finding and Analyzing Malware in GitHub...

Alan Cao (New York University) and Brendan Dolan-Gavitt (New York University)

Read More

[WITHDRAWN] First, Do No Harm: Studying the manipulation of...

Shubham Agarwal (Saarland University), Ben Stock (CISPA Helmholtz Center for Information Security)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)