1

Topic: [ANN] LibProtection.NET beta

We have opened public testing of the .NET version of the LibProtection library. For those who attended my talk at the November DotNext and know what this library does: the repository and a test site imitating a vulnerable application protected by LibProtection are available. On the site you can evaluate its functionality and test it for possible  and false positives (we will be glad of any help here). For those not in the know: LibProtection provides an alternative implementation  and interpolated strings that lets developers not think about the problem of injections in various grammars: about  the input data, their  within the scope of the injection problem, and all of that. The HTML, URL, JavaScript, SQL and file path grammars are already supported. It works roughly like this: when a string is formatted/interpolated, a  context is automatically determined for each of , on the basis of which the encoding function for the value passed into  is derived. Then the derived functions are applied, and the result of formatting/interpolation is subjected  to the formal criteria of injection attacks (to which the talk mentioned above was devoted). If  completes successfully, the resulting string is returned to the code that called the library. If not, an exception is thrown or false is returned (depending on which library method was used). As I already wrote above, you can play with specific examples of how the library works on the test site...
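The three steps described in the post above (context detection, context-derived encoding, a final injection check), sketched for SQL only as an added example; this is not LibProtection's code or API. `SafeSql.Format`, both regular expressions and the "each inserted value must stay inside one token" check are assumptions standing in for the formal criteria the post does not spell out, and only plain `{n}` holes are handled (no format specifiers or escaped braces).

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;
static class SafeSql // hypothetical name, not part of LibProtection
{
    // Simplified SQL lexer: string literal, whitespace, word/number, or any single character.
    static readonly Regex Token = new Regex(@"'(?:[^']|'')*'|\s+|[\w.]+|.", RegexOptions.Singleline);
    static readonly Regex Hole = new Regex(@"\{(\d+)\}");
    public static string Format(FormattableString query)
    {
        var sb = new StringBuilder();
        var inserted = new List<(int Start, int End)>();
        string fmt = query.Format;
        int pos = 0; bool inLiteral = false;
        foreach (Match m in Hole.Matches(fmt))
        {
            string text = fmt.Substring(pos, m.Index - pos);
            // Step 1: context of the hole = parity of quotes in the trusted template so far.
            foreach (char c in text) if (c == '\'') inLiteral = !inLiteral;
            sb.Append(text);
            string value = Convert.ToString(query.GetArgument(int.Parse(m.Groups[1].Value))) ?? "";
            // Step 2: the encoder is derived from the context (quote doubling inside a literal).
            if (inLiteral) value = value.Replace("'", "''");
            inserted.Add((sb.Length, sb.Length + value.Length));
            sb.Append(value);
            pos = m.Index + m.Length;
        }
        sb.Append(fmt.Substring(pos));
        string result = sb.ToString();
        // Step 3: every inserted value must lie inside a single token of the result.
        var tokens = Token.Matches(result);
        foreach (var (start, end) in inserted)
        {
            bool ok = start == end; // an empty value cannot add tokens
            foreach (Match t in tokens)
                if (t.Index <= start && end <= t.Index + t.Length) { ok = true; break; }
            if (!ok) throw new FormatException("Injection detected: value spans several tokens");
        }
        return result;
    }
    static void Main()
    {
        string name = "O'Brien", id = "1 OR 1=1"; // constructed sample input
        Console.WriteLine(Format($"SELECT * FROM users WHERE name = '{name}'"));
        try { Format($"SELECT * FROM users WHERE id = {id}"); }
        catch (FormatException e) { Console.WriteLine(e.Message); }
    }
}
```

The first call returns the query with the quote doubled inside the literal; the second throws because the value placed in a non-literal position lexes as several tokens.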

2

Re: [ANN] LibProtection.NET beta

This Thursday I am holding , devoted to the library's principles of operation and the formal model of injection attacks. I will also explain (and show with specific examples) why parameterization and the objective approach are not a panacea and can lead to the appearance of , even in the simplest cases. Participation in  is free; registration is required (via the link above).