Zhiqiang Lin

Many web servers today face two types of clients: desktop web browsers and smartphone mobile apps. While analyzing the code (e.g., Javascript) running in a web browser can be used to identify the vulnerabilities of web servers, the analysis of mobile apps provides another rich avenue of studying the security of online web. In this talk, I will present a line of research of how to uncover various web server vulnerabilities through automated mobile app analysis. In particular, I will talk about AuthScope that identifies authorization vulnerabilities in web servers via differential analysis. Then, I will talk about LeakScope that identifies the data leakage vulnerabilities in the cloud from mobile apps. These mobile app centric analyses have identified thousands of vulnerabilities and responsible disclosures have all been made to the service providers. Finally, I will also discuss some future directions in this line of research.

View More Papers

Characterizing the Adoption of Security.txt Files and their Applications...

William Findlay (Carleton University) and AbdelRahman Abdou (Carleton University)

Read More

Measuring the Impact of HTTP/2 and Server Push on...

Weiran Lin, Sanjeev Reddy, Nikita Borisov

Read More

DeFiIntel: A Dataset Bridging On-Chain and Off-Chain Data for...

Iori Suzuki (Graduate School of Environment and Information Sciences, Yokohama National University), Yin Minn Pa Pa (Institute of Advanced Sciences, Yokohama National University), Nguyen Thi Van Anh (Institute of Advanced Sciences, Yokohama National University), Katsunari Yoshioka (Graduate School of Environment and Information Sciences, Yokohama National University)

Read More

DorkPot: A Honeypot-based Analysis of Google Dorks

Florian Quinkert, Eduard Leonhardt, Thorsten Holz

Read More