Web Application Injection Vulnerabilities: A Web App's Security Nemesis?

by Erik Couture, Sept. 1, 2017, via SANS Institute

A great number of web application vulnerabilities are leveraged through client-side submission of unexpected inputs. While it is clear these vulnerabilities are complex and widespread, what is not clear is why, after over a decade of effort, they remain so prevalent. This paper explores a number of methods for combatting this class of threats and assesses why they have not proven more successful. The paper describes the current best practices for minimizing these vulnerabilities and points to promising research and development in the field.