An introduction to functional programming
An introduction to functional programming
Programming Ruby: the pragmatic programmer's guide
Programming Ruby: the pragmatic programmer's guide
Certification of programs for secure information flow
Communications of the ACM
Learning Python
Practical Mod_PERL
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Dynamic Taint Propagation for Java
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Encoding Information Flow in Haskell
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Guest Editor's Introduction: The State of Web Security
IEEE Security and Privacy
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A Library for Secure Multi-threaded Information Flow in Haskell
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
A library for light-weight information-flow security in haskell
Proceedings of the first ACM SIGPLAN symposium on Haskell
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
A hybrid analysis framework for detecting web application vulnerabilities
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Defending against injection attacks through context-sensitive string evaluation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
From dynamic to static and back: riding the roller coaster of information-flow control research
PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
A formalisation of java strings for program specification and verification
SEFM'11 Proceedings of the 9th international conference on Software engineering and formal methods
Towards a taint mode for cloud computing web applications
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Secure multi-execution in haskell
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
25 million flows later: large-scale detection of DOM-based XSS
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
Vulnerabilities in web applications present threats to on-line systems. SQL injection and cross-site scripting attacks are among the most common threats found nowadays. These attacks are often result of improper or none input validation. To help discover such vulnerabilities, popular web scripting languages like Perl, Ruby, PHP, and Python perform taint analysis. Such analysis is often implemented as an execution monitor, where the interpreter needs to be adapted to provide a taint mode. However, modifying interpreters might be a major task in its own right. In fact, it is very probably that new releases of interpreters require to be adapted to provide a taint mode. Differently from previous approaches, we show how to provide taint analysis for Python via a library written entirely in Python, and thus avoiding modifications in the interpreter. The concepts of classes, decorators and dynamic dispatch makes our solution lightweight, easy to use, and particularly neat. With minimal or none effort, the library can be adapted to work with different Python interpreters.