OWASP AppSecUSA 2012: Static Analysis of Java Class Files for Quickly and Accurately Detecting

Speakers: Arshan Dabirsiaghi, Aspect Security | Matthew Paisner, Aspect Security | Alex Emsellem, Intern Software Engineer, Aspect Security

Attacks such as Cross-Site Scripting, HTTP header injection, and SQL injection take advantage of weaknesses in the way some web applications handle incoming character strings. One technique for defending against injection vulnerabilities is to sanitize untrusted strings using encoding methods. These methods convert the reserved characters in a string to an inert representation which prevents unwanted side effects. However, encoding methods which are insufficiently thorough or improperly integrated into applications can pose a significant security risk. This paper will outline an algorithm for identifying encoding methods through automated analysis of Java bytecode. The approach combines an efficient heuristic search with selective rebuilding and execution of likely candidates. This combination provides a scalable and accurate technique for identifying and profiling code that could constitute a serious weakness in an application.

For more information visit: http://bit.ly/AppSec12_USA_information
To download the video visit: http://bit.ly/AppSec12_USA_videos
Playlist OWASP AppSec USA 2011: http://bit.ly/AppSec12_USA_playlist
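As an added illustration of the two steps the abstract describes (not code from the talk or from Aspect Security), the Java sketch below runs a heuristic search over a class's method signatures and names, then executes each surviving candidate on the reserved characters of an HTML text context to profile which characters it fails to neutralise. The class name, the stand-in candidate methods and the reserved-character set are assumptions made for this example; the real tool works on class files rather than a loaded class.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.*;

public class EncoderProfiler {
    // Reserved characters for an HTML text context (assumed set for this example).
    static final String HTML_RESERVED = "&<>\"'";
    // Constructed stand-ins for methods the real tool would locate in class files.
    public static class Candidates {
        public static String encodeForHtml(String s) {
            return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                    .replace("\"", "&quot;").replace("'", "&#x27;");
        }
        // Insufficiently thorough: the single quote passes through untouched.
        public static String escapeHtml(String s) {
            return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
        }
        public static String trim(String s) { return s.trim(); }   // right shape, wrong name
        public static int length(String s) { return s.length(); }  // wrong shape
    }
    // Heuristic search: static String -> String methods whose name hints at encoding.
    static List<Method> findCandidates(Class<?> cls) {
        List<Method> found = new ArrayList<>();
        for (Method m : cls.getDeclaredMethods()) {
            String name = m.getName().toLowerCase();
            boolean shape = Modifier.isStatic(m.getModifiers())
                    && m.getReturnType() == String.class
                    && m.getParameterCount() == 1
                    && m.getParameterTypes()[0] == String.class;
            if (shape && (name.contains("encod") || name.contains("escap"))) found.add(m);
        }
        return found;
    }
    // Execution: run each reserved character through the candidate and collect those
    // that come back unchanged, i.e. characters the method does not neutralise.
    static Set<Character> survivingReserved(Method m, String reserved) throws Exception {
        Set<Character> surviving = new LinkedHashSet<>();
        for (char c : reserved.toCharArray()) {
            String out = (String) m.invoke(null, String.valueOf(c));
            if (out.equals(String.valueOf(c))) surviving.add(c);
        }
        return surviving;
    }

    public static void main(String[] args) throws Exception {
        for (Method m : findCandidates(Candidates.class)) {
            Set<Character> gaps = survivingReserved(m, HTML_RESERVED);
            System.out.println(m.getName() + (gaps.isEmpty() ? ": thorough" : ": leaves " + gaps));
        }
    }
}
```

Run as written, the profile reports encodeForHtml as thorough and escapeHtml as leaving the single quote, which is the kind of insufficiently thorough encoder the abstract warns about; trim and length are filtered out by the name and signature heuristics before any execution.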