Posts by Collection

portfolio

publications

talks

Attack-Aware Applications

Published:

In this talk, I will present an uncommon concept of intrusion detection which can provide real-time defense and insights on malicious activities targeting your application. The core idea is to detect intrusions inside an application by observing deviations from “normal application behavior”.

As part of my PhD research, I'm investigating the existing methods of integrating attack awareness into applications, and I will briefly describe the methods I have been researching so far, including some examples in the form of code snippets.

A Taxonomy of Approaches for Integrating Attack Awareness in Applications

Published:

Software applications are subject to an increasing number of attacks, resulting in data breaches and financial damage. Many solutions have been considered to help mitigate these attacks, such as the integration of attack-awareness techniques. In this talk, we propose a taxonomy illustrating how existing attack awareness techniques can be integrated into applications. This work provides a guide for security researchers and developers, aiding them when choosing the approach which best fits the needs of their application.

Detecting Malice with Puppeteer

Published:

This talk is going to be about some of the ideas and code samples I was playing with to use Puppeteer scripts as canaries for malicious behavior and leaks. As this is also tied to my research on attack-aware web applications, I will give a brief introduction to it and explain how a client-based detection approach, which sees things from a user's perspective, can complement server-side attack-awareness techniques.

Keeping Mentally Healthy

Published:

Doing a PhD can be lonely at times, but COVID has intensified the isolation and uncertainty experienced by PhD students. The SICSA Universities provide support through counselling, mentoring and other mental health services. But, at the moment these services are in heavy demand and access and provision are disrupted by COVID. The SICSA PhD Peer Support Network provides additional support from within our PhD community. In this plenary session the network will outline what it does, how to access it and how we can all contribute to our mental health.

Defensive Coding Reloaded: A Guide To Active Web Application Defence

Published:

When considering defending and protecting web applications, rarely do we speak about what the web applications themselves can actively do when under attack. Built-in detection and response capabilities can be a highly effective and underutilized method to mitigate attacks and to act as a canary for malicious activity.

Ready for Detection! A Survey on Attack-Awareness Means in Web Frameworks

Published:

In the development of web applications, web frameworks play a vital role, providing tools and ready-to-use components which simplify the development of common web application tasks. Such components include security controls and mechanisms to prevent web application vulnerabilities that could potentially be exploited. However, while these security controls most often focus on the prevention of vulnerabilities, there is limited research on whether frameworks also include detective security controls which could make web applications attack-aware and report on active exploitation attempts. An attack-awareness capability could act as a warning system, or “canary” for suspicious activity and enable developers to step in before an attacker succeeds.

teaching

Teaching experience 1

Undergraduate course, University 1, Department, 2014

This is a description of a teaching experience. You can use markdown like any other post.

Teaching experience 2

Workshop, University 1, Department, 2015

This is a description of a teaching experience. You can use markdown like any other post.