特定于类型的语言来对抗注入攻击

Symposium and Bootcamp on the Science of Security Pub Date : 2014-04-08 DOI:10.1145/2600176.2600194

Darya Kurilova, Cyrus Omar, L. Nistor, Benjamin Chung, A. Potanin, Jonathan Aldrich

{"title":"特定于类型的语言来对抗注入攻击","authors":"Darya Kurilova, Cyrus Omar, L. Nistor, Benjamin Chung, A. Potanin, Jonathan Aldrich","doi":"10.1145/2600176.2600194","DOIUrl":null,"url":null,"abstract":"Injection vulnerabilities have topped rankings of the most critical web application vulnerabilities for several years [1, 2]. They can occur anywhere where user input may be erroneously executed as code. The injected input is typically aimed at gaining unauthorized access to the system or to private information within it, corrupting the system's data, or disturbing system availability. Injection vulnerabilities are tedious and difficult to prevent.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Type-specific languages to fight injection attacks\",\"authors\":\"Darya Kurilova, Cyrus Omar, L. Nistor, Benjamin Chung, A. Potanin, Jonathan Aldrich\",\"doi\":\"10.1145/2600176.2600194\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Injection vulnerabilities have topped rankings of the most critical web application vulnerabilities for several years [1, 2]. They can occur anywhere where user input may be erroneously executed as code. The injected input is typically aimed at gaining unauthorized access to the system or to private information within it, corrupting the system's data, or disturbing system availability. Injection vulnerabilities are tedious and difficult to prevent.\",\"PeriodicalId\":193860,\"journal\":{\"name\":\"Symposium and Bootcamp on the Science of Security\",\"volume\":\"34 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-04-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Symposium and Bootcamp on the Science of Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2600176.2600194\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium and Bootcamp on the Science of Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2600176.2600194","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

注入漏洞多年来一直是最严重的web应用程序漏洞之一[1,2]。它们可以出现在用户输入可能被错误地作为代码执行的任何地方。注入的输入通常旨在获得对系统或其中的私有信息的未经授权的访问，破坏系统数据或干扰系统可用性。注入漏洞冗长且难以预防。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Type-specific languages to fight injection attacks

Injection vulnerabilities have topped rankings of the most critical web application vulnerabilities for several years [1, 2]. They can occur anywhere where user input may be erroneously executed as code. The injected input is typically aimed at gaining unauthorized access to the system or to private information within it, corrupting the system's data, or disturbing system availability. Injection vulnerabilities are tedious and difficult to prevent.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Symposium and Bootcamp on the Science of Security

自引率

0.00%

发文量