Web Application Injection Vulnerabilities: A Web App's Security Nemesis?

by Erik Couture
Sept. 1, 2017 SANS Institute Pen Testing & Audits application and database security

A great number of web application vulnerabilities are leveraged through client-side submission of unexpected inputs. While it is clear these vulnerabilities are complex and widespread, what is not clear is why, after over a decade of effort, they remain so prevalent. This paper explores a number of methods for combatting this class of threats and assesses why they have not proven more successful. The paper describes the current best practices for minimizing these vulnerabilities and points to promising research and development in the field.