Facebook slings $50k Internet Defense Prize™ at bug hunter duo

  • 21 August 2014

By Darren Pauli, 21 Aug 2014
 
Facebook and Usenix have together created the Internet Defense Prize™ – and awarded its first gong to security bods Johannes Dahse and Thorsten Holz.
The pair, of Ruhr University Bochum in Germany, received $50,000 from Facebook's prize-giving committee for their paper, Static Detection of Second-Order Vulnerabilities in Web Applications. Second-order vulnerabilities are so called because they involve uploading data to web servers, which pass on the data to security-critical software – allowing holes in the critical software to be exploited by the uploaded payload.
 "By analysing reads and writes to memory locations of the web server, we are able to identify unsanitised data flows by connecting input and output points of data in persistent data stores such as databases or session data," the pair wrote in the lauded paper, which revealed 159 second-order vulns in six popular web apps including several critical zero-day holes.
 
The Register/ Full Article Here/ http://www.theregister.co.uk/2014/08/21/facebook_internet_defense_prize/
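
An added illustration, not code from the paper or the article: a much-simplified sketch of the idea quoted above, pairing writes of user input into persistent stores with later reads of the same store that reach a sensitive operation. The file names, store names and the per-context sanitisation model are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Write:
    site: str                             # code location of the write
    store: str                            # persistent location, e.g. "db:users.name"
    from_user: bool                       # value derives from request input
    escaped_for: frozenset = frozenset()  # contexts sanitised before storing

@dataclass(frozen=True)
class Read:
    site: str                             # code location of the read
    store: str                            # persistent location read from
    sink: str                             # context of the sensitive operation
    escaped_for: frozenset = frozenset()  # contexts sanitised after reading

def second_order_flows(writes, reads):
    """Report (write site, store, read site, sink) for each user-controlled
    stored value that reaches a sink without sanitisation for that sink."""
    by_store = {}
    for w in writes:
        if w.from_user:
            by_store.setdefault(w.store, []).append(w)
    findings = []
    for r in reads:
        for w in by_store.get(r.store, []):
            # Sanitisation is context-specific: HTML escaping does not cover SQL.
            if r.sink not in (w.escaped_for | r.escaped_for):
                findings.append((w.site, r.store, r.site, r.sink))
    return findings

# Constructed data-flow facts, as a static analyser might extract them.
WRITES = [
    Write("register.php:14", "db:users.name", True),
    Write("profile.php:30", "db:users.bio", True, frozenset({"html"})),
    Write("install.php:8", "db:settings.theme", False),
    Write("login.php:22", "session:lang", True),
]
READS = [
    Read("admin.php:51", "db:users.name", "sql"),
    Read("view.php:12", "db:users.bio", "html"),
    Read("export.php:40", "db:users.bio", "sql"),
    Read("index.php:5", "db:settings.theme", "file"),
    Read("header.php:9", "session:lang", "file", frozenset({"file"})),
]

if __name__ == "__main__":
    for finding in second_order_flows(WRITES, READS):
        print(" -> ".join(finding))
```

The `users.bio` value is reported for the SQL sink even though it was HTML-escaped on the way in, which is the kind of flow that a check at the input point alone does not see.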
