preventing code injection attacks based on a novel approach

Secure Suite

Code injection is a software vulnerability through which a malicious user can make an application run unauthorized code. In this web page you can find a set of tools that can counter code injection attacks based on a generic approach. To detect an attack our scheme uses location-specific signatures to validate code statements. The signatures are unique identifiers that represent specific characteristics of a statement execution. You can see our proposed scheme as a UML activity diagram here. We have applied our approach succesfully to defend aginst attacks targetting SQL, XPath and Javascript