Skip to main content.
Advanced search >
<< Back to previous page Print

<< Tuesday, November 20, 2012 >>

Remind me

Tell a friend

Add to my Google calendar (bCal)

Download to my calendar

Bookmark and ShareShare

Analysis and Enforcement of Web Application Security Policies

Seminar: Departmental | November 20 | 1-2 p.m. | 606 Soda Hall

Joel Weinberger

Electrical Engineering and Computer Sciences (EECS)

Web applications are generally more exposed to untrusted user content than
traditional applications. Thus, web applications face a variety of new and
unique threats, especially that of content injection. One method for preventing
these types of attacks is web application security policies. These policies
specify the behavior or structure of the web application. The goal of this
work is in three parts. First, to understand how security policies and their
systems are currently applied to web applications. The second is to extract
security policies of web applications, focusing on how sanitizers are applied to
web application content. The third is to advance the mechanisms used to apply
security policies to web applications. These three areas will advance the state
of the art in understanding and building web application security policies and
provide a foundation for future work in securing web applications.