Nytro Posted January 13, 2013 Report Posted January 13, 2013 Static Analysis Of Java Class Files For Quickly And Accurately Detecting Web Description: AbstractAttacks such as Cross-Site Scripting, HTTP header injection, and SQL injection take advantage of weaknesses in the way some web applications handle incoming character strings. One technique for defending against injection vulnerabilities is to sanitize untrusted strings using encoding methods. These methods convert the reserved characters in a string to an inert representation which prevents unwanted side effects. However, encoding methods which are insufficiently thorough or improperly integrated into applications can pose a significant security risk. This paper will outline an algorithm for identifying encoding methods through automated analysis of Java bytecode. The approach combines an efficient heuristic search with selective rebuilding and execution of likely candidates. This combination provides a scalable and accurate technique for identifying and profiling code that could constitute a serious weakness in an application.*****SpeakersArshan Dabirsiaghi. Aspect SecurityMatthew Paisner, Aspect SecurityAlex Emsellem, Intern Software Engineer, Aspect SecurityIntern Software Engineer, Aspect SecurityCurrently pursuing a bachelor's degree in Computer Science. I'm primarily focused on software reverse engineering and exploitation. Around ten years ago I found my first vulnerability in a web application, and remember it vividly. I live for innovative ideas and the cutting-edge. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods on VimeoSursa: Static Analysis Of Java Class Files For Quickly And Accurately Detecting Web Quote
