People

CVEs

  • CVE-2008-4818
  • CVE-2009-1688
  • CVE-2009-1689
  • CVE-2009-1702
  • CVE-2009-1715

The WebBlaze project aims to design and develop new techniques and architectures for securing the Web.

Recent Publications

Towards a Formal Foundation of Web Security
Devdatta Akhawe, Adam Barth, Peifung Eric Lam, John Mitchell, Dawn Song,
In Proc. of the 23rd Computer Security Foundations Symposium (CSF 2010)
The Emperor's New API: On the (In)Secure Usage of New Client Side Primitives
Steve Hanna, Richard Shin, Devdatta Akhawe, Prateek Saxena, Arman Boehm, Dawn Song,
In the 4th Web 2.0 Security & Privacy Worshop (W2SP 2010)
A Symbolic Execution Framework for JavaScript
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, Dawn Song,
In Proc. of the 31st IEEE Symposium on Security & Privacy (Oakland 2010)
FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications
Prateek Saxena, Steve Hanna, Pongsin Poosankam, Dawn Song,
In Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010)
Preventing Capability Leaks in Secure JavaScript Subsets
Matthew Finifter, Joel Weinberger, and Adam Barth,
In Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010)
Protecting Browsers from Extension Vulnerabilities
Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman
In Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010)
Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense
Adam Barth, Joel Weinberger, and Dawn Song
In USENIX Security Symposium (USENIX Security 2009)
Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves
Adam Barth, Juan Caballero, and Dawn Song
In IEEE Security & Privacy (Oakland 2009)
Extracting Models of Security-Sensitive Operations using String-Enhanced White-Box Exploration on Binaries
Juan Caballero, Stephen McCamant, Adam Barth, and Dawn Song
Technical Report UCB/EECS-2009-36
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
Yacin Nadji, Prateek Saxena, and Dawn Song
In Network & Distributed System Security Symposium (NDSS 2009)
Robust Defenses for Cross-Site Request Forgery
Adam Barth, Collin Jackson, and John C. Mitchell
In Computer and Communication Security (CCS 2008)

Seminar

WebBlaze has an informal weekly seminar on Wednesdays at 4pm. To subscribe to the list, visit the webblaze-group mailing list.