... Taking a walk, the familiar "DB round", then offered a way out. But fortunately I also benefited a great deal from my supervisors and the people in the research group for inspiration and new ideas. The so-called DB Colloquia certainly contributed to that as well. ...
Proceedings of the 27th Annual ACM Symposium on Applied Computing, Mar 26, 2012
Web applications have become an integral part of the daily lives of millions of users. Unfortunately, web applications are also frequently targeted by attackers, and attacks such as XSS and SQL injection are still common. In this paper, we present an empirical study of more than 7000 input validation vulnerabilities with the aim of gaining deeper insights into how these common web vulnerabilities can be prevented. In particular, we focus on the relationship between the specific programming language used to develop web applications and the vulnerabilities that are commonly reported. Our findings suggest that most SQL injection and a significant number of XSS vulnerabilities can be prevented using straight-forward validation mechanisms based on common data types. We elaborate on these common data types, and discuss how support could be provided in web application frameworks.
Anti-virus vendors are confronted with a multitude of potentially malicious samples today. Receiving thousands of new samples every day is not uncommon. The signatures that detect confirmed malicious threats are mainly still created manually, so it is important to discriminate between samples that pose a new unknown threat and those that are mere variants of known malware. This survey article provides an overview of techniques based on dynamic analysis that are used to analyze potentially malicious samples. It also covers analysis programs that employ these techniques to assist human analysts in assessing, in a timely and appropriate manner, whether a given sample deserves closer manual inspection due to its unknown malicious behavior.
Papers by Theodoor Scholte