LangSec revisited: Input security flaws of the second kind

This article is free to access.

Abstract

We consider a simple classification of input flaws in two categories: (1) flaws in processing input, with buffer overflows in parsers as the classic example, and (2) flaws in forwarding input to some other system, aka injection flaws, with SQL injection and XSS as classic examples. The LangSec approach identifies common root causes for both categories of flaws, but much of the LangSec literature and efforts focus on the first category of flaws, especially on techniques to eliminate parser bugs. Therefore we take a look at some existing approaches to tackling the second category of flaws, to identify (anti)patterns and place these in the LangSec perspective.

Cite

Poll, E. (2018). LangSec revisited: Input security flaws of the second kind. In Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018 (pp. 329–334). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SPW.2018.00051
