OWASP Global AppSec US 2021
Friday, November 12 • 10:00am - 11:00am
Ending Injection Vulnerabilities

How programming languages can bring an end to Injection Vulnerabilities, by "distinguishing strings from a trusted developer, from strings that may be attacker controlled".

This simple distinction will allow libraries to ensure Injection Vulnerabilities are not possible, because those sensitive values (e.g. SQL, HTML, CLI strings) cannot contain user values. Instead, it will be up to the well-tested libraries to handle user values; ideally via parameterised queries, but they can also use appropriate escaping.
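A sketch of this distinction in JavaScript, added here as an illustration and not taken from the talk: a template tag captures the developer's literal text, and the library entry point refuses anything else. The names `sql` and `runQuery`, the `$1` placeholder style, and the sample input are assumptions made for the example.

```javascript
// Added example: hypothetical names (sql, runQuery); no real database is used.
const trusted = new WeakSet(); // query objects minted by the sql tag only

// A template's literal parts arrive as a frozen array with a frozen .raw array.
// Approximation: JavaScript has no built-in "is literal" test, so code in the
// program could forge this shape, but a string read from a request cannot.
function isTemplateStrings(x) {
  return Array.isArray(x) && Object.isFrozen(x) &&
    Array.isArray(x.raw) && Object.isFrozen(x.raw) && x.raw.length === x.length;
}

// Tag function: literal parts become SQL text, each ${value} becomes a parameter.
function sql(strings, ...values) {
  if (!isTemplateStrings(strings)) {
    throw new TypeError("sql must be used as a template tag");
  }
  let text = strings[0];
  values.forEach((_, i) => { text += "$" + (i + 1) + strings[i + 1]; });
  const query = Object.freeze({ text, params: Object.freeze([...values]) });
  trusted.add(query);
  return query;
}

// Library entry point: refuses anything that did not come from the sql tag.
function runQuery(query) {
  if (!trusted.has(query)) {
    throw new TypeError("query must be built with the sql tag, not a string");
  }
  // A real library would pass text and params to the driver separately.
  return { text: query.text, params: query.params };
}

// Constructed sample input standing in for an attacker-controlled value.
const userInput = "x' OR '1'='1";

function safeLookup() {
  return runQuery(sql`SELECT id FROM users WHERE name = ${userInput}`);
}

function unsafeLookupRejected() {
  try {
    runQuery("SELECT id FROM users WHERE name = '" + userInput + "'");
    return false; // not reached: concatenated strings are refused
  } catch (e) {
    return e instanceof TypeError;
  }
}
```

The user value only ever travels in `params`, so the SQL text the library sees is made entirely of characters the developer typed.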

Craig Francis

Developer, Code Poets Limited
Software developer for 20-something years, OWASP Chapter Co-Lead for Bristol UK

Friday November 12, 2021 10:00am - 11:00am PST