There is no shortage of hard problems to solve in security. Unsafe Web applications, network defense, mobile device security–all of these are challenges in need of solutions. And the students who presented their work on the second day of the Kaspersky Lab Cyber Security for the Next Generation conference showed that they’ve put some serious effort into finding those solutions.
The morning session saw two excellent presentations, one from Pankaj Kumar Khatkar on defending cloud computing platforms, and another by Raymond Mui on an innovative method for defeating common attacks against Web applications. Mui’s research focused on client and server methods for preventing attacks known as cross-site scripting and SQL injection, both of which are used by attackers to compromise popular Web applications.
Many existing defenses against such attacks rely on training developers to write cleaner, more secure code to eliminate the vulnerabilities that hackers exploit. But Mui is developing a method that stops these attacks by creating two versions of every character used in code and then comparing them to ensure that the input to the Web applications is valid.
“We said, let’s have no developer effort and fix this. Let them write the code even with the errors and it will still be secure,” Mui said.
The day began with some interesting remarks from Eugene Kaspersky, CEO of Kaspersky Lab, who discussed the importance of educating the next generation of security researchers and professionals, especially in light of the proliferation of connected devices in non-traditional environments.
“Computers are everywhere now,” Kaspersky said. “Do you know how many computers are in your car? Or how many run the New York transit system?”
The answer, of course, is that no one knows. Computers run everything today–cars, trains, implantable medical devices, power plants and planes. And without the creative research done by students such as the participants in the Cyber Security for the Next Generation conference, attackers may gain the upper hand in the constant battle to secure and defend these systems.