Project Details

Semantic Models and Agents for Security Testing of Web Applications

Subject Area Security and Dependability, Operating-, Communication- and Distributed Systems
Term since 2021
Project identifier Deutsche Forschungsgemeinschaft (DFG) - Project number 452850842
 
Detecting vulnerabilities in web applications is a daunting problem that does not yet have a general solution. Existing ad-hoc solutions can only identify simple forms of vulnerabilities that are present on the web application surface. In this project, we hypothesize that we can create new algorithms to greatly expand coverage of the attack surface, following a scalable approach. This can be done by creating models and program representations that are closer to the ways humans perceive and understand program behaviors. This project intends to create such semantic models - each capturing semantic elements of the presentation and logic tier of web applications - and the algorithms to create them in practice. Furthermore, this project will put these models to use to devise a new breed of security testing algorithms. In particular, we will focus on using goal-oriented agents for the execution of security testing tasks, with limited supervision from a human.
DFG Programme Research Grants
 
 
