Talks@DI: Ibéria Medeiros

Title:
Detecting vulnerabilities and Protecting Web Applications

Abstract:
Although a significant research effort on web application security has been on going for a while, these applications have been a major source of problems and their security continues to be challenged. A major cause of this status derives from vulnerable source code, often written in unsafe languages like PHP, and programmed by people without the appropriate knowledge about secure coding, who leave flaws in the applications. Nowadays the most exploited vulnerability category is the input validation, which is directly related with the user inputs inserted in web application forms. In this talk I will present methodologies and tools for the detection of input validation vulnerabilities in source code and for the protection of web applications written in PHP, using source code static analysis, machine learning and runtime protection techniques.

Short bio:
Ibéria Medeiros is an Invited Assistant Professor in the Department of Informatics, at the Faculty of Sciences University of Lisbon. She is also an integrated researcher at the LaSIGE, being a member of the Navigators group. Until September 2016 she was an Invited Teacher at the Department of Mathematics, University of Azores.
Ibéria received her PhD in Computer Science and her MSc at the Faculty of Sciences University of Lisbon (2016 and 2008), and her BSc in Mathematics and Informatics at the University of Azores (1997). She is author of a few software security tools and a PHP parser, which were developed during her master and doctoral degrees. She has been participating in SEGRID and DiSIEM european projects. Her research interests are software security, source code static analysis, vulnerability detection and machine learning.