An Efficient Black-Box Technique for Defeating Web Application Attacks

Executive Summary

For most web applications, this interception may be achieved using network layer interposition or library interposition. The paper then develops a class of policies called syntax- and taint-aware policies that can accurately detect and/or block most injection attacks. An experimental evaluation shows that the techniques are effective in detecting a broad range of attacks on applications written in multiple languages (including PHP, Java and C), and that they impose low performance overheads (below 5%).

  • Format: PDF
  • Size: 434 KB