An Efficient Black-Box Technique for Defeating Web Application Attacks

Date Added: Sep 2009
Format: PDF

For most web applications, this interception may be achieved using network layer interposition or library interposition. It then develops a class of policies called syntax- and taint-aware policies that can accurately detect and/or block most injection attacks. An experimental evaluation shows that techniques are effective in detecting a broad range of attacks on applications written in multiple languages (including PHP, Java and C), and impose low performance overheads (below 5%).