User:Iberiam

Ibéria Medeiros is an Assistant Professor at the Universidade dos Açores (UAc), in Açores, Portugal. I am a Ph.D. student in Informatics at the Faculdade de Ciências of Universidade de Lisboa. My advisors are Professor Miguel P. Correia and Professor Nuno Neves. My research area is software security and my work is about the detection and correction of web application vulnerabilities. Since my master's degree I have been working on source code static analysis, more precisely taint analysis, to detect vulnerabilities in source code. I have also been using data mining and machine learning to refine the detection made by taint analysis and to minimize the false positive rate.

I am also a researcher at the LaSIGE research unit and a member of the Navigators Group. My main research interests are software security, security, computer networks, cloud computing, machine learning, data mining and natural language processing.

In 2008 I finished my M.Sc. on Detection of Integer Vulnerabilities in Software Portability from 32 to 64 bits, advised by Professor Miguel Pupo Correia. My thesis' contribution was a study of integer vulnerabilities in applications written in the C language when they are ported from 32 to 64 bits without any code adaptations. The main idea was to use source code static analysis, using taint analysis, to find this type of vulnerability, which gives rise to, for example, buffer overflows when applications written for 32-bit processors are ported to 64-bit processors without any adaptation of their source code.

More information about me at https://sites.google.com/site/ibemed/.
email: iberia.medeiros@owasp.org

Projects

OWASP WAP-Web Application Protection

  • A security tool to detect and remove input validation vulnerabilities in web applications, and predict false positives.
  • Uses source code static analysis to detect vulnerabilities, data mining to predict false positives and inserts fixes to correct the source code.
  • Detects and corrects 8 types of input validation vulnerabilities.
  • Teaches the user to build secure software.
  • Works on Linux, Macintosh and Windows.
  • Requires JRE to run.
  • Portable, ready to run and no installation required.