Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
RAID
2005
Springer
2005
Springer
Defending Against Injection Attacks Through Context-Sensitive String Evaluation
Abstract. Injection vulnerabilities pose a major threat to applicationlevel security. Some of the more common types are SQL injection, crosssite scripting and shell injection vulnerabilities. Existing methods for defending against injection attacks, that is, attacks exploiting these vulnerabilities, rely heavily on the application developers and are therefore error-prone. In this paper we introduce CSSE, a method to detect and prevent injection attacks. CSSE works by addressing the root cause why such attacks can succeed, namely the ad-hoc serialization of user-provided input. It provides a platform-enforced separation of channels, using a combination of assignment of metadata to user-provided input, metadata-preserving string operations and context-sensitive string evaluation. CSSE requires neither application developer interaction nor application source code modifications. Since only changes to the underlying platform are needed, it effectively shifts the burden of implementing cou...
Real-time Traffic| Added | 28 Jun 2010 |
| Updated | 28 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | RAID |
| Authors | Tadeusz Pietraszek, Chris Vanden Berghe |
Comments (0)
Researcher Info
|
