Neil Daswani : 2010 Security Workshop


Friday, April 30, 2010
Location: Fisher Conference Center, Arrillaga Alumni Center

"Defending Web Sites From Malware Infections"


Several techniques can be used to prevent, detect, contain, and recover from "drive-by downloads" planted on legitimate sites (e.g., via vulnerabilities in web applications, and "structural" vulnerabilities in web sites), and there exist technical trade-offs in using a combination of mitigation techniques as part of a defense-in-depth strategy to address the growing problem of web-based malware propagation. After presenting code samples of some recent real-world attacks, and briefly reviewing these trade-offs, I will describe the architecture and implementation of mod_antimalware, a novel, open-source containment technology for web servers that can be used to 1) quarantine infections before they impact users, 2) provide business continuity to a web site even while it is infected, and 3) give webmasters time to recover from an attack before their web sites get blacklisted by popular search engines and browsers.


Neil Daswani is a co-founder of Dasient, Inc., a security company backed by some of the most influential investors in Silicon Valley and New York. In the past, Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). While at Stanford, Neil co-founded the Stanford Center Professional Development (SCPD) Security Certification Program. He has published extensively, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University. Neil is also the lead author of "Foundations of Security: What Every Programmer Needs To Know" (published by Apress; ISBN 1590597842; More information about Neil is available at