Abstract
Injection-based attacks have consistently appeared in the Open Web Application Security Project (OWASP) Top 10 vulnerabilities for years. [1] Common types of injection attacks include SQL injection, cross-site scripting (XSS) and code injection. Filter engines are used to detect these attacks in user input and to sanitise it. Because user input is assumed to be tainted by default, a filter's accuracy and latency are important. There are various approaches to improving filters, primarily techniques based on regular expressions (regexes), abstract syntax trees, machine learning and so on. However, in testing, modern solutions have achieved no more than 98.5% accuracy for XSS. This article looks at ways to improve accuracy.