ABSTRACT
Topping the list of the most prominent attacks on applications [6] are various types of injection attacks. Malicious inputs that cause injection attacks are numerous; programmers fail to write checks for all attack patterns. We define a program transformation that allows a programmer to think in terms of rectification policies and automatically add these policies to convert unsafe data inputs to safe inputs. The security oriented program transformation applies to all classes of injection attacks, easing the burden of programmers who would otherwise have to manually write checks.
- Martin Fowler. Refactoring: Improving The Design of Existing Code. Object Technology Series. Addison-Wesley, June 1999. With contributions by Kent Beck, John Brant, William Opdyke, and Don Roberts.
- Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides. Design Patterns. Addison-Wesley, 1995.
- OWASP. Categories of injection attacks, 2008.
- Marcus J. Ranum. The six dumbest ideas in computer security. http://www.ranum.com/security/computer_security/editorials/dumb/, September 2005.
- Martin C. Rinard. Living in the comfort zone. In OOPSLA '07: Proceedings of the 22nd annual ACM SIGPLAN conference on Object oriented programming systems and applications, pages 611-622, New York, NY, USA, 2007. ACM. ISBN 978-1-59593-786-5.
- Andrew van der Stock, Jeff Williams, and Dave Wichers. OWASP Top 10 - The ten most critical web application security vulnerabilities - 2007 update, 2007.
Index Terms
- A security oriented program transformation to "add on" policies to prevent injection attacks