The Center for Education and Research in Information Assurance and Security (CERIAS)

New ventures help developers in fight against security flaws

Author

Eugene H. Spafford

Entry type

article

Abstract

Two new ventures are aimed at helping web and software developers reduce the number of security vulnerabilities in their software. The Interpolique framework from Recursion Ventures – set up by Dan Kaminsky, Michael Tiffany and Henry Bar-Levav – aims to help web developers eliminate vulnerabilities to SQL injection and cross-site scripting attacks. A key method is to convert input from users into Base64, which means that any code or SQL instructions added by users cannot be executed. The framework also includes an extension to MySQL to decode the Base64 strings. At the moment, the framework is experimental and Recursion is seeking feedback. In the meantime, Kaminsky has suggested using stored procedures or prepared SQL statements as a first line of defence. More info at: Meanwhile, Veracode has updated its SecurityReview cloud-based application-security-testing service that allows developers to upload code and get back information about vulnerabilities and suggestions for fixing the problems. The new version offers additional APIs and reference integrations that support popular Java, .Net, C/C++, ColdFusion and PHP development environments.

Date

2010-07-01

Institution

Purdue University

Key alpha

Spafford

Publication Date

2010-07-01

Location

A hard copy of this is in REC 216
