Secure Suite
Code injection is a software vulnerability through which a malicious user can make an application run unauthorized code.
In this web page you can find a set of tools that can counter code injection attacks based on a generic approach.
To detect an attack our scheme uses location-specific signatures to validate code statements.
The signatures are unique identifiers that represent specific characteristics of a statement execution.
You can see our proposed scheme as a UML activity diagram
here.
We have applied our approach succesfully to defend aginst attacks targetting SQL, XPath and Javascript