$50K awarded for system that sniffs out Web app vulnerabilities

Aug 22, 2014 (1 min)
Application Security

Facebook joins forces with USENIX to dole out Internet Defense Prize

A pair of researchers from Ruhr-Universität Bochum in Germany have been awarded the first $50,000 Internet Defense Prize for their work in combatting “second-order vulnerabilities” in Web apps—threats that lurk on Web servers until the time is right to strike.

The prize is funded by Facebook and orchestrated in conjunction with USENIX, which held its annual Security Symposium in San Diego this week. A Facebook security engineering manager blogged about the award this week.

The researchers, Johannes Dahse and Thorsten Holz, presented a paper titled “Static Detection of Second-Order Vulnerabilities in Web Applications” at the symposium. In it, they detail the use of automatic static code analysis to detect vulnerabilities before they inflict their pain on victims. (Second-order vulnerabilities are distinct from first-order threats like SQL injections and cross-site scripting.)

The award, which focuses on defending against security threats as opposed to just identifying or theorizing about them, is designed to fund additional research and possibly help bring the technology to market.