Doupé looks to safeguard personal data through advanced automated vulnerability analysis tools

Select Page

Doupé looks to safeguard personal data through advanced automated vulnerability analysis tools

portrait of Adam Doupé

Adam Doupé

Nowadays, when a person wants to buy something over the internet they will type in their credit card information, name and address without giving it a second thought. In fact, a single vulnerability in a web application can allow an attacker to steal that personal information.

Adam Doupé, an assistant professor of computer science and engineering in Arizona State University’s Ira A. Fulton Schools of Engineering, wants to develop tools that can automatically find such vulnerabilities in a web application, so they can be found and remedied before an attacker can exploit them.

Doupé is developing these tools as part of a five-year, $416,585 National Science Foundation CAREER Award, “Next Generation Black-Box Web Application Vulnerability Analysis.”

“The inspiration for this project was my own experiences as a penetration tester for web applications,” says Doupé. “I realized that, as a human, when I am interacting with a web application, I am not only building a mental model of how the web application works, but I’m also trying to understand how the code of the web application was written. This is essentially reverse engineering the code of the web application.”

Doupé wondered if this idea could be applied to an automated tool. Could an automated tool reverse engineer the code of the web application simply through interacting with it?

“It turns out that there is a branch of machine learning, called inductive programming, that could help,” says Doupé. “Therefore, the project idea is to apply inductive programming techniques to automatically reverse engineer the source code of a web application, simply through interacting with it, then to identify vulnerabilities in the reverse engineered source code of the web application. This should result in smarter tools that can find vulnerabilities as well as a human.” 

The growing need for secure data solutions keeps research such as Doupé’s in high demand.

“I think that the proposal was chosen because it features the combination of interesting and diverse research areas that are applied to an area with great impact,” Doupé says.

The excitement and potential of innovations helped draw Doupé to ASU.

“Everyone I talked to was positive and excited about their research,” says Doupé. “I knew that I wanted to be a part of the ASU family.”

ASU’s robust support system helped Doupé put together the successful proposal. He credits Steven Ayer, assistant professor of construction management and engineering, Stacy Esposito, director of Research Advancement in the Fulton Schools, and his fellow computer science and engineering faculty in helping to strengthen the proposal.

About The Author

Erik Wirtanen

Erik Wirtanen graduated from Arizona State in 2001 with a B.S. in Recreation Management and Tourism. He got his start in the communications field as an undergrad with the ASU Athletics Media Relations office. He worked at UC Irvine from 2002 until 2014 in the Department of Athletics and then The Henry Samueli School of Engineering. In August of 2014, Wirtanen joined the communications office at the Ira A. Fulton Schools of Engineering. Media Contact: erik.wirtanen@asu.edu | 480-727-1957 | Ira A. Fulton Schools of Engineering Communications

ASU Engineering on Facebook