Effective software vulnerability detection for web services

Grant number: LP140100437 | Funding period: 2015 - 2019



This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project intends to develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automa..

View full description

Related publications (15)