Abstract
Two new ventures are aimed at helping web and software developers reduce the number of security vulnerabilities in their software.
The Interpolique framework from Recursion Ventures – set up by Dan Kaminsky, Michael Tiffany and Henry Bar-Levav – aims to help web developers eliminate vulnerabilities to SQL injection and cross-site scripting attacks.
A key method is to convert input from users into Base64, which means that any code or SQL instructions added by users cannot be executed. The framework also includes an extension to MySQL to decode the Base64 strings.
At the moment, the framework is experimental and Recursion is seeking feedback. In the meantime, Kaminsky has suggested using stored procedures or prepared SQL statements as a first line of defence.
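The two defences described above, shown next to the string-concatenation pattern they replace. This is an added example, not Interpolique's code: Python's sqlite3 stands in for MySQL, and the `b64d` SQL function, the `users` table and the sample input are assumptions made for illustration.

```python
import base64
import sqlite3

def b64d(text):
    # Hypothetical stand-in for the MySQL Base64-decoding extension the article mentions.
    return base64.b64decode(text).decode("utf-8")

def make_db():
    db = sqlite3.connect(":memory:")
    db.create_function("b64d", 1, b64d)  # register the decoder inside the database
    db.executescript("""
        CREATE TABLE users (name TEXT, secret TEXT);
        INSERT INTO users VALUES ('alice', 'a-secret'), ('bob', 'b-secret');
    """)
    return db

def lookup_concat(db, name):
    # 'Before' pattern: user input is pasted into the SQL text, so a quote
    # character in the input changes the structure of the query.
    sql = f"SELECT secret FROM users WHERE name = '{name}'"
    return db.execute(sql).fetchall()

def lookup_base64(db, name):
    # Base64 approach: the Base64 alphabet (A-Z a-z 0-9 + / =) contains no
    # quote or comment characters, so the token cannot end the string literal.
    # The database decodes it only after the query has been parsed.
    token = base64.b64encode(name.encode("utf-8")).decode("ascii")
    sql = f"SELECT secret FROM users WHERE name = b64d('{token}')"
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    # Prepared statement: the value is bound separately from the SQL text.
    return db.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()

# Constructed sample input: a textbook injection string used to test the three paths.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_base64, lookup_prepared):
        print(f"{fn.__name__:16} -> {fn(db, CONSTRUCTED_INPUT)}")
```

Only the concatenated query returns rows for the constructed input; the Base64 and prepared-statement paths treat it as a literal name that matches no user.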
Meanwhile, Veracode has updated its SecurityReview cloud-based application-security-testing service that allows developers to upload code and get back information about vulnerabilities and suggestions for fixing the problems. The new version offers additional APIs and reference integrations that support popular Java, .Net, C/C++, ColdFusion and PHP development environments.