«
»

Preventing pervasive string injection-type attacks

Kaminsky, the famous security researcher, launched a startup – introducing Interpolique as the first product
Interpolique — which was released for security experts and IT to poke around at and analyze, but not to use operationally — is basically a framework that lets developers continue to write code the way they always have, but with a tool that helps prevent them from inadvertently leaving string injection flaws in their code. It requires developers to use different prefixes that describe variables of the strings, without requiring any major changes to their coding style, he says. And the resulting code is automatically formatted in such a way that can’t be easily abused by the bad guys.

This entry was posted on June 16, 2010 at 8:51 pm and is filed under Application Security, Infrastructure Security, Secure Coding. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 994 other followers