Curing the Vulnerable Parser: Design Patterns for Secure Input Handling (2017) [pdf] (usenix.org) 49 points by DyslexicAtheist 7y ago ↗ HN
[–] WallWextra 7y ago ↗ I am betraying my ignorance with this question, but: On the last page, the authors claim that SQL queries are commonly constructed by concatenating strings. Was this still, in fact, common in 2017? If it was, that's very scary. [–] wonthegame 7y ago ↗ https://docs.oracle.com/javase/tutorial/jdbc/basics/processi...Seems so. [–] daotoad 7y ago ↗ Injection is the #1 class of bug in the OWASP top 10 for 2017.https://www.owasp.org/index.php/Top_10-2017_A1-InjectionIs there any escape?
[–] daotoad 7y ago ↗ Injection is the #1 class of bug in the OWASP top 10 for 2017.https://www.owasp.org/index.php/Top_10-2017_A1-InjectionIs there any escape?
3 comments
[ 3.0 ms ] story [ 11.7 ms ] threadSeems so.
https://www.owasp.org/index.php/Top_10-2017_A1-Injection
Is there any escape?