Pyramid Workshop
The focus of the workshop is on web security, with an emphasis on discussing current issues and exploring open research avenues in the field.
The workshop will be held on Wednesday, October 9, and Thursday, October 10 at Inria Kahn Building, rooms K1 and K2, Sophia Antipolis. Unless you work at Inria (Sophia Antipolis), you need to be registered for the workshop and present your ID at the Inria entrance in order to attend. Identity cards, passports, residence permits, and driving licenses are accepted as IDs.
Registrations to the workshop are now closed.
Agenda
Wednesday, October 9
09:00-09:30 Welcome coffee and round of introductions
09:30-09:55 UX for giving actionable security feedback to developers (feat. CSP Evaluator and TT Helper) – Aaron Shim and Kian Jamali
09:55-10:20 Static analysis for Trusted Types compatibility in OSS (especially NPM) ecosystem – Guillaume Weghsteen
10:20-10:35 Coffee Break
10:35-11:00 JavaScript Sandboxing Reloaded – Daniel Hedin
11:00-12:00 Discussion: Measurable security for web applications – Leader: Artur Janc
12:00 Buffet Lunch (Kahn)
13:30-14:30 Discussion: False positives with SAST tools: challenges – Leader: Merve Sahin
14:30-14:55 Challenges of Client-side Exploration – Benjamin Eriksson
14:55-15:20 Coffee Break
15:20-15:55 GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes – Eric Cornelissen
19:30 Dinner in Le Safranier, Antibes
Thursday, October 10
09:00-09:15 Welcome coffee
09:15-09:40 Security is more than compliance: advanced security testing – Luca Compagna
09:40-10:05 Challenges of Security Browser Extensions – Pablo Picazo-Sanchez
10:05-10:30 Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS – Eric Olsson
10:30-10:45 Coffee Break
10:45-11:45 Discussion: New attacks / attack surfaces on the web – Leader: Artur Janc
12:00 Lunch at Inria canteen
14:00 End
———————-
Pyramid organizers: Artur Janc (Google), Tamara Rezk (Inria), Andrei Sabelfeld (Chalmers).
This workshop will be partially supported by Inria, Google, and Chalmers.
