The last decade has seen a proliferation of code-reuse attacks in the context of web applications. These attacks target vulnerabilities in which attacker-controlled data exploits legitimate code fragments within the application’s codebase to execute a code chain that performs malicious computations, e.g. Remote Code Execution, on the attacker’s behalf. In this talk, we will discuss how principled large-scale static and dynamic code analysis helps in discovering and exploiting vulnerabilities in high-profile server-side applications and their software supply chain, as well as existing defensive mechanisms.
Musard Balliu is an Associate Professor at KTH Royal Institute of Technology in Stockholm, Sweden. His research interests lie at the intersection of computer security, programming languages, formal methods and software engineering. Musard Balliu’s contributions range from foundations to practice of security and privacy with main focus on language-based security and its application to the Web and IoT domain.