[langsec-discuss] WYSINWYG - a (mostly) langsec vulnerability category

Meredith L. Patterson clonearmy at gmail.com
Tue Dec 2 22:20:04 UTC 2014


On Tue, Dec 2, 2014 at 8:36 PM, <travis+ml-langsec at subspacefield.org> wrote:

> On Tue, Dec 02, 2014 at 11:05:00AM -0800, Will Sargent wrote:
> > Would "parse tree differential attack" overlap with this category as well?
> >
> > http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=6553401
>
> Full Text Here?
> http://langsec.org/papers/langsec-tr.pdf
>

Yup, that's the technical report version of the IEEE paper.

> BTW, what do you & langsec think of this?
>
> Using parse tree validation to prevent SQL injection attacks (2005)
> http://citeseer.ist.psu.edu/viewdoc/summary?doi=10.1.1.120.9618
>

Discussed in the paper above, actually. We made the same argument you do --
that attempting to recognise an SQL dialect using a "generic" SQL dialect
opens up room for parse tree differential attacks much like how the X.509
attacks worked.

Cheers,
--mlp
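
The point made in the reply above, shown as an added example (not code from this thread or from either paper): a validator that lexes with a "generic" quoting rule and a backend that lexes with its own dialect can build different token streams from the same bytes. Both lexers are toys, the names `lex` and `differential` are hypothetical, and the dialect rule (backslash escapes inside string literals, as MySQL does by default) is the assumption that creates the differential.

```python
# Added illustration: two toy SQL lexers that differ only in string quoting.
# The function names and the sample statements are constructed for this example.

def lex(sql, backslash_escapes):
    """Split sql into ('code', text) / ('str', body) tokens.

    backslash_escapes=False: only '' escapes a quote ("generic" rule).
    backslash_escapes=True:  backslash also escapes the next character
                             (dialect rule, assumed for this example).
    """
    tokens, code, i, n = [], [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            code.append(sql[i])
            i += 1
            continue
        if code:
            tokens.append(("code", "".join(code)))
            code = []
        i += 1
        body, closed = [], False
        while i < n and not closed:
            c = sql[i]
            if backslash_escapes and c == "\\" and i + 1 < n:
                body.append(sql[i + 1])
                i += 2
            elif c == "'" and sql[i + 1:i + 2] == "'":
                body.append("'")
                i += 2
            elif c == "'":
                closed = True
                i += 1
            else:
                body.append(c)
                i += 1
        tokens.append(("str" if closed else "unterminated", "".join(body)))
    if code:
        tokens.append(("code", "".join(code)))
    return tokens

def differential(sql):
    """Return (disagree, generic_tokens, dialect_tokens) for one statement."""
    generic = lex(sql, backslash_escapes=False)
    dialect = lex(sql, backslash_escapes=True)
    return generic != dialect, generic, dialect

if __name__ == "__main__":
    for stmt in ("SELECT 'O''Brien'", "SELECT 'a\\' , 'b'"):
        print(stmt, differential(stmt), sep="\n  ")
```

For the second statement the generic lexer reports `b` as string data while the dialect lexer reports it as code, which is why a validator has to recognise exactly the language its backend parses.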