Secure Code Generation for Web Applications
- Martin Johns | University of Passau
A large percentage of recent security problems, such as Cross-site Scripting or SQL injection, is caused by string-based code injection vulnerabilities. Most of these vulnerabilities exist because of implicit code creation through string serialization. Based on an analysis of the vulnerability class's underlying mechanisms, we propose a general approach to outfit modern programming languages with mandatory means for explicit and secure code generation which provide strict separation between data and code. Using an example implementation for the languages Java and HTML/JavaScript respectively, we show how our approach can be realized and enforced.
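The contrast the abstract draws, implicit code creation through string serialization versus explicit generation that keeps data and code apart, as an added JavaScript illustration (this is not the talk's or the speaker's implementation; the helper names `el`, `text`, `serialize` and `escapeText` are hypothetical, and the input string is constructed):

```javascript
// Added example: implicit code creation via string serialization versus
// explicit, data/code-separating HTML generation. Helper names are
// hypothetical and not from the talk's implementation.

// --- Implicit code creation: data is serialized straight into markup ---
// Whatever `name` contains becomes part of the HTML "program".
function renderGreetingUnsafe(name) {
  return "<p>Hello, " + name + "</p>";
}

// --- Explicit generation: the markup structure is a tree built by the program ---
// Tag and attribute names are code: they must pass a syntactic check.
// Text and attribute values are data: they are always escaped on output.
const NAME_RE = /^[a-zA-Z][a-zA-Z0-9-]*$/;

function escapeText(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Element node: structure chosen by the developer, never by runtime input.
function el(tag, attrs = {}, ...children) {
  if (!NAME_RE.test(tag)) throw new Error("invalid tag name: " + tag);
  for (const k of Object.keys(attrs)) {
    if (!NAME_RE.test(k)) throw new Error("invalid attribute name: " + k);
  }
  return { tag, attrs, children };
}

// Text node: explicitly marks a value as data.
function text(s) {
  return { text: String(s) };
}

// Serialization is the only place where a string is produced, and it refuses
// raw strings so that data cannot slip into the code channel unmarked.
function serialize(node) {
  if (typeof node !== "object" || node === null) {
    throw new Error("raw values are not allowed; wrap data in text()");
  }
  if ("text" in node) return escapeText(node.text);
  const attrs = Object.entries(node.attrs)
    .map(([k, v]) => ` ${k}="${escapeText(v)}"`)
    .join("");
  const inner = node.children.map(serialize).join("");
  return `<${node.tag}${attrs}>${inner}</${node.tag}>`;
}

function renderGreetingSafe(name) {
  return serialize(el("p", { class: "greeting" }, text("Hello, "), text(name)));
}

// Constructed input that carries markup; treated as data it must stay inert.
const SAMPLE_INPUT = '<b onmouseover="x()">not data</b>';

console.log("unsafe:", renderGreetingUnsafe(SAMPLE_INPUT));
console.log("safe:  ", renderGreetingSafe(SAMPLE_INPUT));
```

With the string-concatenating renderer the markup inside the input becomes part of the document; with the tree builder the same input is serialized as escaped text, and any attempt to pass a raw string or a malformed tag name into the builder fails at generation time rather than producing ambiguous output.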
Speaker Details
Martin Johns studied Mathematics and Computer Science at the Universities of Göttingen, Santa Cruz (CA) and Hamburg, where he received his diploma in 2003. During the 1990s and the early years of the new millennium he earned his living as a software engineer in German companies (including Infoseek Germany, TC Trustcenter and SAP). In 2005 he joined the "security in distributed systems" group at the University of Hamburg to work on the project "Secologic", which investigated the state of the art in software security. He currently works as a research assistant at the University of Passau, where he is applying the finishing touches to his PhD thesis while working on research projects with industry partners such as Siemens, Fraunhofer, and SAP.