This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

A new approach to preventing injection attacks on the Web Application Stack

Jump to: navigation, search


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Owasp logo normal.jpg
Code injection vulnerabilities such as, SQL injection, javascript injection, byte-code injection, etc… constitute the most susceptible path of entry for rogue hackers into the corporate networks of an organization. This paper discusses the core components of Web Application code-injection attacks; the limitations of existing approaches (such as regular expression searches) to prevent such attacks; the paper introduces a new generalized approach to solving the code-injection problem by building new solution vectors based on compiler theory, in particular GLR parser theory combined with learning engines to solve the attack identification problem. An brief introduction to Trustifier ryū is provided as an example of practical implementation of the theories and concepts put forth in this paper.

Ahmed Masud

Speaker bio will be posted shortly.