Black Hat Briefings, Las Vegas 2005 [audio] Presentations From The Security Conference

Mike Pomraning: Injection Flaws: Stop Validating Your Input



Years after the debut of XSS and SQL Injection, each passing week sees newly disclosed vulnerabilities ready to be exploited by these same techniques. Labelling all of these as "input validation flaws" isn't helping anymore. In this Turbo Talk we turn the situation upside-down to get a better perspective, and cover specific techniques to address the problems. Mike Pomraning is a systems and process troubleshooter, finding trouble and shooting it. He works for SecurePipe, Inc., a managed security services provider, and holds a CISSP. He prefers to debug application misbehavior with code traces, kernel traces and packet dumps, though at higher layers he prefers dialogue and audit. Along the way has written a few helpful programs, including pynids, a python wrapper to the libnids NIDS framework, and more perl than he can recall.