A pair of researchers from Ruhr-Universitat Bochum in Germany have been awarded the first $50,000 Internet Defense Prize for their work in combatting “second-order vulnerabilities” in Web apps—threats that lurk on Web servers until the time is right to strike.
The prize is funded by Facebook and orchestrated in conjunction with USENIX, which held its annual Security Symposium in San Diego this week. A Facebook security engineering manager blogged about the award this week.
MORE from USENIX: 5 Cool New Security Breakthroughs
The researchers, Johannes Dahse and Thorsten Holz, presented a paper titled “Static Detection of Second-Order Vulnerabilities in Web Applications” at the symposium. In it, they detail use of automatic static code analysis to detect vulnerabilities before they inflect their pain on victims. (Second-order vulnerabilities are distinct from first-order threats like SQL injections and cross-site scripting.)
The award, which focuses on defending against security threats as opposed to just identifying or theorizing about them, is designed to fund additional research and possibly help bring the technology to market.