The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them | IEEE Conference Publication | IEEE Xplore

The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them


Abstract:

Input-handling bugs share two common patterns: insufficient recognition, where input-checking logic is unfit to validate a program's assumptions about inputs, leading to the code acting on invalid inputs, and parser differentials, wherein two or more components of a system fail to interpret input equivalently. We argue that these patterns are artifacts of avoidable weaknesses in the development process and explore these patterns both in general and via recent CVE instances. We break ground on defining the input-handling code weaknesses that should be actionable findings and propose a refactoring of existing CWEs to accommodate them. We propose a set of new CWEs to name such weaknesses that will help code auditors and penetration testers precisely express their findings of likely vulnerable code structures.
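The two patterns the abstract names, insufficient recognition and parser differentials, are easiest to see side by side in code. The following is an added illustration, not code from the paper or its authors: it uses a constructed, hypothetical `key=value;key=value` record format and two deliberately different parsers (one lenient, one strict) to show how the same input is interpreted two ways, then a weak validator that passes malformed input, and finally a full-grammar recognizer that rejects everything outside the language (including duplicate keys) so that downstream components can no longer disagree. All function and sample names are assumptions made for the example.

```python
import re
from typing import Optional

# Constructed sample inputs (hypothetical, not taken from the paper or any CVE).
SAMPLE_AMBIGUOUS = "user=alice; user=bob"      # duplicate key, stray whitespace
SAMPLE_TRAILING = "user=alice;zzz"             # trailing garbage after a valid field
SAMPLE_CLEAN = "user=alice;role=reader"        # well-formed record


def parse_last_wins(record: str) -> dict:
    """Component A's lenient parser: trims whitespace, lower-cases keys,
    and lets the LAST occurrence of a duplicate key win."""
    out = {}
    for field in record.split(";"):
        field = field.strip()
        if not field:
            continue
        key, _, value = field.partition("=")
        out[key.strip().lower()] = value.strip()
    return out


def parse_first_wins(record: str) -> dict:
    """Component B's parser: no normalisation at all, and the FIRST
    occurrence of a duplicate key wins."""
    out = {}
    for field in record.split(";"):
        key, _, value = field.partition("=")
        out.setdefault(key, value)
    return out


def parser_differential(record: str) -> bool:
    """True when the two components interpret the same input differently:
    the 'parser differential' pattern."""
    return parse_last_wins(record) != parse_first_wins(record)


# --- Insufficient recognition -------------------------------------------------

FIELD_PATTERN = re.compile(r"[a-z]+=[A-Za-z0-9]+")


def weak_validate(record: str) -> bool:
    """Insufficient recognition: re.match() anchors only at the start of the
    string, so anything after the first well-formed field is never checked.
    'user=alice;zzz' is accepted even though 'zzz' is not a field."""
    return FIELD_PATTERN.match(record) is not None


# --- Full recognizer (the LangSec remedy) ------------------------------------

# Grammar for the whole record: one or more fields separated by ';', nothing else.
RECORD_GRAMMAR = re.compile(r"[a-z]+=[A-Za-z0-9]+(;[a-z]+=[A-Za-z0-9]+)*")


def recognize(record: str) -> Optional[dict]:
    """Recognize-then-process: accept only strings in the language (fullmatch
    covers the entire input), reject duplicate keys so no later parser can
    disagree about which value applies, and only then build the dict.
    Returns None for any rejected input."""
    if RECORD_GRAMMAR.fullmatch(record) is None:
        return None
    out = {}
    for field in record.split(";"):
        key, _, value = field.partition("=")
        if key in out:          # duplicate key: ambiguous, so reject
            return None
        out[key] = value
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_AMBIGUOUS, SAMPLE_TRAILING, SAMPLE_CLEAN):
        print(repr(sample))
        print("  A sees:", parse_last_wins(sample))
        print("  B sees:", parse_first_wins(sample))
        print("  differential:", parser_differential(sample))
        print("  weak_validate:", weak_validate(sample))
        print("  recognize:", recognize(sample))
```

Run stand-alone, the script shows `SAMPLE_AMBIGUOUS` producing different dictionaries in the two components, `SAMPLE_TRAILING` passing the weak check, and `recognize` returning `None` for both while accepting only the clean record. The design point is that the recognizer decides membership in the whole language before any component acts on the data, which removes both the unchecked suffix and the ambiguity that lets two parsers diverge.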
Date of Conference: 03-04 November 2016
Date Added to IEEE Xplore: 06 February 2017
Conference Location: Boston, MA, USA
