Details

LangSec attempts to solve specific classes of vulnerabilities that arise from improperly handling input in an application. Two of the most common web-based attacks that LangSec lends itself to nicely are XSS and SQL injection. A LangSec Primer will describe the underlying problem that LangSec attempts to solve and use these two vulnerability classes as examples to do so. We'll begin with a short introduction to formal language theory and move on to look at some approaches to solving both of these classes of vulnerabilities before diving into some of the tools that are available to help build your own solutions.

Joe Rozner is a lead software engineer at Prevoty where he has built semantic analysis tools and worked to develop new methods to more accurately detect SQL injection and Cross Site Scripting (XSS). His focus on LangSec and formal languages has allowed him to develop novel approaches to traditionally difficult problems in the security space. In his spare time he’s developed custom system call level sandboxes, rich web applications, and applications at all levels between.

Sponsors

Become an OWASP-OC Meeting Supporter

Become a meeting supporter by donating $1200 to the chapter.

Google Cloud Security

Meeting Venue Sponsor: Make Google part of your security team

PeopleSpace

Meetup Supporter: A tech startup community fostering startups.

Synopsys

Meeting & Streaming Supporter: helping customers build trust in software.
