- Ph.D. Electronic Engineering Politecnico di Milano, Italy, 1998
- M.S. with honors, Electronic Engineering, Politecnico di Milano, Italy, 1994
Giovanni Vigna is a Professor in the Department of Computer Science at the University of California in Santa Barbara. His current research interests include malware analysis, web security, vulnerability assessment, and mobile phone security. He also edited a book on Security and Mobile Agents and authored one on Intrusion Correlation. He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy in 2011. He is known for organizing and running an inter-university Capture The Flag hacking contest, called iCTF, that every year involves dozens of institutions around the world. He is a member of IEEE and ACM.
In the past ten years, the Internet has evolved in terms of both the type of services and applications being deployed and the kind of malicious activity being carried out. Web applications have become tremendously popular, and, nowadays, they are routinely used in security-critical environments, such as medical, financial, and military systems. As the use of web applications for critical services has increased, the number and sophistication of attacks against these applications have grown as well. In addition, the hosts that are compromised by means of vulnerable web applications often become part of large-scale botnets and are used to spread malware (e.g., through drive-by downloads) or to host scam and phishing sites, as black-hat hackers move from "hacking-for-fun to" to "hacking-for-profit."
My research focuses on a number of different topics: how to protect web applications (by finding vulnerabilities before they are deployed and also by detecting web-based attacks), how to detect and block malicious software, and how to develop, test, and evaluate intrusion detection systems.
In addition, my expertise in vulnerability analysis and penetration testing got me involved in two large-scale efforts to evaluate the security of the voting systems in use in California and Ohio.