Pyramid Workshop

The focus of the workshop is on web security, with an emphasis on discussing current issues and exploring open research avenues in the field.

The workshop will be held on Wednesday, October 9, and Thursday, October 10, in rooms K1 and K2 of the Inria Kahn Building, Sophia Antipolis. Unless you work at Inria (Sophia Antipolis), you need to be registered for the workshop and present your ID at the Inria entrance in order to attend (identity cards, passports, residence permits, and driving licenses are accepted as IDs).

Registrations to the workshop are now closed.

Agenda

Wednesday, October 9

09:00-09:30 Welcome coffee and round of introductions

09:30-09:55 UX for giving actionable security feedback to developers (feat. CSP Evaluator and TT Helper) – Aaron Shim and Kian Jamali

09:55-10:20 Static analysis for Trusted Types compatibility in OSS (especially NPM) ecosystem – Guillaume Weghsteen

10:20-10:35 Coffee Break

10:35-11:00 JavaScript Sandboxing Reloaded – Daniel Hedin

11:00-12:00 Discussion: Measurable security for web applications – Leader: Artur Janc

12:00 Buffet Lunch (Kahn)

13:30-14:30 Discussion: False positives with SAST tools: challenges – Leader: Merve Sahin

14:30-14:55 Challenges of Client-side Exploration – Benjamin Eriksson

14:55-15:20 Coffee Break

15:20-15:55 GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes – Eric Cornelissen

19:30 Dinner at Le Safranier, Antibes

Thursday, October 10

09:00-09:15 Welcome coffee

09:15-09:40 Security is more than compliance: advanced security testing – Luca Compagna

09:40-10:05 Challenges of Security Browser Extensions – Pablo Picazo-Sanchez

10:05-10:30 Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS – Eric Olsson

10:30-10:45 Coffee Break

10:45-11:45 Discussion: New attacks / attack surfaces on the web – Leader: Artur Janc

12:00 Lunch at Inria canteen

14:00 End

———————-

Pyramid organizers: Artur Janc (Google), Tamara Rezk (Inria), Andrei Sabelfeld (Chalmers).

This workshop will be partially supported by Inria, Google, and Chalmers.