An Efficient Black-Box Technique for Defeating Web Application Attacks
Source: Stony Brook University
Over the past few years, injection vulnerabilities have become the primary target for remote exploits. SQL injection, command injection, and cross-site scripting are some of the popular attacks that exploit these vulnerabilities. Taint-tracking has emerged as one of the most promising approaches for defending against these exploits, as it supports accurate detection (and prevention) of popular injection attacks. However, practical deployment of taint-tracking defenses has been hampered by a number of factors: high performance overheads (often over 100%); the need for deep instrumentation, which has the potential to impact application robustness and stability; and specificity to the language in which an application is written.