
Taking on the King: Killing Injection Vulnerabilities

Justin Collins at AppSec California 2018

How do we dismantle the reign of dangerous and prevalent vulnerabilities? "Injection" has crowned the OWASP Top 10 since 2010, while cross-site scripting (a type of injection) has maintained a placement in the top four since 2003. If these two vulnerabilities are well understood, well documented, and have "clear" solutions, why have they remained on the OWASP Top 10 for nearly 15 years? Let's take a step back to examine what causes injection (and XSS) vulnerabilities and to consider potential plans for their dethronement.

Justin has been an application security engineer at SurveyMonkey, Twitter, and AT&T Interactive, and is the primary author of Brakeman, an open-source static analysis security tool for Ruby on Rails.