A Taint Mode for Python via a Library
- Conti, Juan Jóse, 1985 (author)
- Russo, Alejandro, 1978 (author)
- Chalmers tekniska högskola, Chalmers University of Technology
- 2010
- English.
In: OWASP AppSec Research 2010.
- Related link:
- https://research.cha...
Abstract
- Vulnerabilities in web applications present threats to on-line systems. SQL injection and cross-site scripting attacks are among the most common threats found nowadays. These attacks are often the result of improper or no input validation. To help discover such vulnerabilities, taint analyses have been developed in popular web scripting languages like Perl, Ruby, PHP, and Python. Such analyses are often implemented as an execution monitor, where the interpreter needs to be adapted to provide a taint mode. However, modifying interpreters might be a major task in its own right. In fact, it is very probable that new releases of interpreters need to be adapted to provide a taint mode. Differently from previous approaches, we show how to provide a taint analysis for Python via a library written entirely in Python, thus avoiding modifications to the interpreter. The concepts of classes, decorators and dynamic dispatch make our solution lightweight, easy to use, and particularly neat. With minimal or no effort, the library can be adapted to work with different Python interpreters.
Subject headings
- NATURAL SCIENCES -- Computer and Information Sciences -- Software Engineering (hsv//eng)
- NATURAL SCIENCES -- Computer and Information Sciences -- Computer Sciences (hsv//eng)
Publication and content type
- kon (subject category)
- ref (subject category)