On November 06, 2017


손수엘(Sooel Son), KAIST


Web Attacks on Common Vulnerabilities


We live in the era of mobile and Web technology. The more Web applications process private/sensitive information, the riskier Web vulnerabilities become. In this talk, I will address common developer mistakes that cause Web vulnerabilities as well as their detection methods. In the second half of the talk, I will present a new mobile attack vector that leverages popular mobile advertising libraries, which was presented NDSS 2016. I will demonstrate how malicious ads can infer sensitive information about users by accessing external storage, which is essential for media-rich ads in order to cache video and images. I will conclude the talk with recommendations for Android app developers to mitigate the threat.


Sooel Son is an assistant professor at KAIST. His research interests cover Web security and privacy as well as software analysis. He worked in Google security/privacy research and advertising identity/privacy teams. He received a Ph.D. (2014) from The University of Texas at Austin.