[WEB SECURITY] Taint propagation for Java

vh at vivekhaldar.com vh at vivekhaldar.com
Wed Dec 21 16:45:57 EST 2005


We have implemented a taint propagation scheme (similar to Perl's, but
with some important differences) for Java that helps prevent command
injection attacks in web applications.

Summary: http://www.vivekhaldar.com/blog/?p=19

I've also compiled a list of ongoing research in web application security,
which some folks may find useful:

http://www.vivekhaldar.com/blog/?p=23

It is not downloadable (yet), but comments, questions, feedback are most
welcome. I am especially interested in hearing from web developers ---
would something like this help you?

Regards,
Vivek.





---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list