Web application vulnerabilities are an important entry vector for threat actors. Indeed, according to the 2019 Verizon Data Breach Incident Report, web applications, privilege misuse and miscellaneous errors account for 81 per cent of breaches of retail organizations.
In a paper presented at VB2019 in London, Prismo Systems researchers Abhishek Singh and Ramesh Mani discussed code injection vulnerabilities and presented a tool that could detect SQL, NoSQL and OS command injection exploitation.
Now, in a follow-up paper, Abhishek and Ramesh detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting (XSS), and server‑side request forgery (SSRF) by instrumenting web applications.
You can read both papers in both HTML and PDF format: