[langsec-discuss] WYSINWYG - a (mostly) langsec vulnerability category
will.sargent at gmail.com
Tue Dec 2 19:05:00 UTC 2014
On Tuesday, December 2, 2014 at 10:01 AM, travis+ml-langsec at subspacefield.org wrote:
> So what do these attacks have in common?
> NIDS evasion (Ptacek's paper)
> IDN homograph attacks
> A/V evasion (e.g. Veil-evasion, executable packers)
> Double encoding (and other encoding attacks)
> Computationally-inequivalent endpoints
> What I've been mulling over, and finally teased out, is that they are
> all related to a general pattern, namely:
> What You See Is Not What You Get
> Where the recognizer/enforcement point does not see the same semantic
> content as the processor.
Would "parse tree differential attack" overlap with this category as well?
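
[Added example, not part of the original post or of either author's code.] The double-encoding item from the quoted list, written as a small Python check: an enforcement point that percent-decodes once, a processor assumed to decode twice, and a stricter check that refuses input whose meaning would change under a further decode. The function names, the blocked token and the sample paths are constructed for illustration.

```python
from urllib.parse import unquote

BLOCKED = "../"  # token the enforcement point is meant to keep out (assumed policy)


def naive_filter(raw: str) -> bool:
    """Enforcement point: decode once, then inspect. True means 'allowed'."""
    return BLOCKED not in unquote(raw)


def processor(raw: str) -> str:
    """Assumed downstream path: a front end decodes once and the application
    decodes again, so the consumer acts on the twice-decoded value."""
    return unquote(unquote(raw))


def views_differ(raw: str) -> bool:
    """True when the recognizer and the processor see different content."""
    return unquote(raw) != processor(raw)


def strict_filter(raw: str) -> bool:
    """Reject anything that would still change under another decode, so the
    value inspected here is the only value a later layer can see."""
    seen = unquote(raw)
    if unquote(seen) != seen:
        return False
    return BLOCKED not in seen


# Constructed sample inputs.
SAMPLES = {
    "benign": "reports/2014.txt",
    "single": "%2e%2e%2fsecret.txt",
    "double": "%252e%252e%252fsecret.txt",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:7} naive={naive_filter(raw)!s:5} "
              f"strict={strict_filter(raw)!s:5} "
              f"differ={views_differ(raw)!s:5} "
              f"processor_sees={processor(raw)!r}")
```

The strict check also rejects legitimate values that contain a literal percent sign followed by two hex digits; that is the cost of requiring both ends to agree on one reading.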