Andrea Valenza

Università degli Studi di Genova | UNIGE · Dipartimento di Informatica, Bioingegneria, Robotica e Ingegneria dei Sistemi (DIBRIS)

PhD in Computer Science and System Engineering

12 publications · 2,417 reads · 17 citations

Publications (12)
Conference Paper
Full-text available
In this paper, we present Damn Vulnerable Application Scanner (DVAS), an intentionally flawed network scanner. DVAS allows users to train against a novel attacker model, recently presented by Valenza et al. This kind of attack is carried out via malicious HTTP Response messages. Scan reports can be vulnerable to injection attacks, thus putti...
Preprint
Full-text available
Discovering vulnerabilities in applications of real-world complexity is a daunting task: a vulnerability may affect a single line of code, and yet it compromises the security of the entire application. Even worse, vulnerabilities may manifest only in exceptional circumstances that do not occur in the normal operation of the application. It is widel...
Conference Paper
Full-text available
The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. In this paper we falsify this belief by showing that scanners are exposed to the same risks as their targets. Our methodology is based on a novel attacker model...
Preprint
Full-text available
The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. In this paper we falsify this belief by showing that scanners are exposed to the same risks as their targets. Our methodology is based on a novel attacker model...
Conference Paper
Full-text available
Web Application Firewalls are widely used in production environments to mitigate security threats like SQL injections. Many industrial products rely on signature-based techniques, but machine learning approaches are becoming more and more popular. The main goal of an adversary is to craft semantically malicious payloads to bypass the syntactic anal...
Preprint
Full-text available
Web Application Firewalls are widely used in production environments to mitigate security threats like SQL injections. Many industrial products rely on signature-based techniques, but machine learning approaches are becoming more and more popular. The main goal of an adversary is to craft semantically malicious payloads to bypass the syntactic anal...
Article
Full-text available
Web Application Firewalls (WAFs) are plug-and-play security gateways that promise to enhance the security of a (potentially vulnerable) system with minimal cost and configuration. In recent years, machine learning-based WAFs are catching up with traditional, signature-based ones. They are competitive because they do not require predefined rules; in...
Conference Paper
Full-text available
Computer security competitions in which teams competitively attack and defend programs in real time are powerful training vehicles, but they are costly to organize and run. The same problem arises in the case of cybersecurity education since practical exercises are hard to design and, once exploited, they cannot be reused by the same students. In t...
Conference Paper
Full-text available
Although cybersecurity is becoming more and more central in every software development lifecycle, nowadays, developers often lack a precise understanding of the risks and impacts of cyberattacks. Discovering vulnerabilities in production environments is hard, therefore making developers aware of common vulnerabilities leads to more reliable softwar...
Conference Paper
Full-text available
The security assessment of mobile applications is of paramount importance for both the service providers and their customers. As a matter of fact, nowadays smartphones are the primary access means for the internet of services. Needless to say, malicious or flawed applications can disruptively compromise the sensitive data they handle. As a major sta...
