A Static Tainting Analysis Method for Aspect-Oriented Programs

Presented at AppSec USA 2017, Sept. 22, 2017, 2:30 p.m. (45 minutes)

Many web applications contain security vulnerabilities that let attackers read sensitive data or take control of client machines or of the servers the applications run on. These vulnerabilities typically arise when an application fails to sanitize untrusted input correctly or to encode output safely before it reaches an interpreter such as a browser or a database. Many tools and techniques exist to detect and correct these problems in web applications written in widely used languages such as PHP and Java, but little has been done to address them in web applications written in aspect-oriented languages such as AspectJ, where advice woven into the program at join points can introduce or divert data flows that an analysis of the base code alone does not see. This presentation introduces a new method, based on static taint analysis, for detecting potential vulnerabilities in aspect-oriented web applications.
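As an added illustration (not code from the talk, and not the presenter's method), the following Python script runs a toy forward taint analysis over a hand-written intermediate representation, once on the Java code alone and once after weaving in an AspectJ-style around advice. The method names `request.getParameter` (source), `Sanitizer.escape` (sanitizer) and `out.println` (sink), the base program and both aspects are constructed for the example. Analysed without the aspect, the flow looks sanitized; with a debug-mode advice that may return the raw argument instead of `proceed()`'s result, the same sink is reached by tainted data, which is exactly the kind of flow a Java-only taint tool does not see.

```python
"""Toy forward taint analysis with and without aspect weaving.

Constructed illustration: the IR, the method names and the advice are all
made up for this example; nothing here is the presenter's method.
"""
from dataclasses import dataclass
from typing import Optional

# Taint roles for the example program (constructed names).
SOURCES = {"request.getParameter"}     # untrusted input enters here
SANITIZERS = {"Sanitizer.escape"}      # result is considered clean
SINKS = {"out.println"}                # a tainted argument here is a finding


@dataclass(frozen=True)
class Call:
    """One statement: target = method(args). target is None for void calls.
    Args are variable names; string literals are written with quotes."""
    target: Optional[str]
    method: str
    args: tuple


@dataclass(frozen=True)
class AroundAdvice:
    """Simplified AspectJ 'around' advice on calls to `pointcut`.

    `param` is bound to the intercepted call's first argument (args(param)),
    the pseudo-method 'proceed' in `body` stands for the intercepted call, and
    `returns` lists every variable the advice may hand back (a conditional
    return is modelled conservatively as all of its alternatives).
    """
    pointcut: str
    param: str
    body: tuple
    returns: tuple


def weave(stmts, aspects):
    """Inline each matching around-advice at its join point (static weaving)."""
    woven = []
    for st in stmts:
        adv = next((a for a in aspects if a.pointcut == st.method), None)
        if adv is None:
            woven.append(st)
            continue
        env = {adv.param: st.args[0]}   # bind args(param) to the actual argument

        def bind(name):
            return env.get(name, name)

        for b in adv.body:
            method = st.method if b.method == "proceed" else b.method
            woven.append(Call(b.target, method, tuple(bind(a) for a in b.args)))
        # The advice's return value replaces the original call result; 'phi'
        # merges the alternatives so taint on any one of them survives.
        woven.append(Call(st.target, "phi", tuple(bind(r) for r in adv.returns)))
    return woven


def analyze(stmts):
    """Forward taint propagation; returns (sink, variable) pairs reached by taint."""
    tainted = set()
    findings = []
    for st in stmts:
        if st.method in SINKS:
            findings.extend((st.method, a) for a in st.args if a in tainted)
            continue
        if st.target is None:
            continue
        if st.method in SOURCES:
            tainted.add(st.target)
        elif st.method in SANITIZERS:
            tainted.discard(st.target)
        elif any(a in tainted for a in st.args):
            tainted.add(st.target)      # any other call propagates its arguments' taint
        else:
            tainted.discard(st.target)
    return findings


# Base Java program (constructed):
#   String name = request.getParameter("name");
#   String safe = Sanitizer.escape(name);
#   out.println(safe);
BASE = [
    Call("name", "request.getParameter", ('"name"',)),
    Call("safe", "Sanitizer.escape", ("name",)),
    Call(None, "out.println", ("safe",)),
]

# Constructed aspect that bypasses the sanitizer in "debug" mode:
#   String around(String s): call(String Sanitizer.escape(String)) && args(s) {
#       String clean = proceed(s);
#       return DEBUG ? s : clean;
#   }
DEBUG_BYPASS = AroundAdvice(
    pointcut="Sanitizer.escape", param="s",
    body=(Call("clean", "proceed", ("s",)),),
    returns=("s", "clean"),
)

# Constructed aspect that only logs the argument and always returns proceed()'s result.
LOG_ONLY = AroundAdvice(
    pointcut="Sanitizer.escape", param="s",
    body=(Call(None, "log.debug", ("s",)), Call("clean", "proceed", ("s",))),
    returns=("clean",),
)


def report(stmts, aspects=()):
    """Weave the given aspects into stmts, then run the taint analysis."""
    return analyze(weave(stmts, aspects))


if __name__ == "__main__":
    print("Java only:        ", report(BASE))
    print("with LOG_ONLY:    ", report(BASE, [LOG_ONLY]))
    print("with DEBUG_BYPASS:", report(BASE, [DEBUG_BYPASS]))
```

The `LOG_ONLY` aspect is there to show that the weaving step does not simply flag every advice: only the advice whose possible return values include the unsanitized argument produces a finding. Real AspectJ pointcuts (wildcards, `cflow`, `execution` versus `call`, advice on advice) and inter-procedural flows are well beyond this toy, which is the gap the talk addresses.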


Presenters:

  • Evan H. Dygert - President - Dygert Consulting, Inc.
    Evan Dygert is a consultant (Dygert Consulting, Inc.) with over 30 years of experience in software development in areas including compilers, databases, finance, insurance, computer networking and security, and software security. He is experienced in many computer languages, including Java, Pascal, C/C++, assembly language, and Python. Since 2005, Evan has also performed digital forensics, computer security, and expert witness work. Evan has written expert reports, affidavits, and declarations and has testified in multiple depositions, a federal hearing, and a trial. Evan has presented at BSides Orlando, SANS@Night, ISC2, and the National Cyber Crime Conference. He has earned 14 GIAC certifications, including the prestigious GSE. In addition, he holds the CISSP, CCE, and CEHv8 certifications. Evan enjoys teaching others about security and has mentored high school CyberPatriot teams for the last five years; his teams have competed in the CyberPatriot National Finals in three of the last five years. He was also selected as the CyberPatriot 2015 Mentor of the Year. Evan earned a B.S. in Computer Science from Brigham Young University and an MBA from Rollins College, and has completed the coursework for a Ph.D. in Computer Information Systems, which he will earn upon completion of the dissertation.
