Scientific Talk at SBA: An Overview of Selected Topics and Research Opportunities in Information System Security by Pavol Zavarsky
Pavol Zavarsky is holding a scientific talk at SBA Research about an overview of selected topics and research opportunities in information system security
The focus of the presentation will be on two research-intensive fields of information security: (1) detection of web application vulnerabilities, and (2) methods of detecting malware that has evaded enterprise anti-malware services and successfully infected host computers. The presentation will start by outlining major challenges in detecting advanced web application vulnerabilities. To illustrate research opportunities, results of performance of current state-of-the-art black-box web vulnerability scanners in detecting web application vulnerabilities will be analyzed. Then, the presentation will address the fact that some percentage of new-born malware has always evaded detection by standard enterprise-class anti-malware services and security controls. Various aspects of obfuscation will be analyzed, results in detecting operational malware by its tactics of obfuscation will be shown, and possible avenues that might be explored will be discussed. Finally, by comparing detection capabilities of forensic investigation utilities based on live response and memory image analysis in detecting SSDT hooking by bona fide Windows kernel rootkits, the presentation will illustrate the pressing, practical importance of continued research into memory forensics and improvement of memory forensic utilities.