libinjection: from SQLi to XSS, presented at OWASP AppSec California 2014

by Nick Galbreath

Summary: libinjection was introduced at Black Hat USA 2012 to quickly and accurately detect SQLi attacks in user input. Two years later the algorithm has been used by a number of open-source and proprietary WAFs and honeypots. This talk will introduce a new algorithm for detecting XSS attacks. Like the SQLi libinjection algorithm, it does not use regular expressions, is very fast, and has a low false positive rate. Also like the original libinjection algorithm, it is available on GitHub under a free license. We’ll discuss the current state of libinjection SQLi, how SQLi and XSS differ semantically from a defender's point of view, how the libinjection algorithm works, and its current results and availability.
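libinjection's SQLi detector avoids regular expressions by tokenizing the input into token types, keeping a short fingerprint of those types, and looking that fingerprint up in a list of known-attack fingerprints, evaluating the input both as typed and as if it had landed inside a quoted string. The Python below is an added illustration of that approach, not libinjection's code; its token classes and the small deny-list are constructed for the example.

```python
KEYWORDS = {"select", "union", "or", "and", "from", "where", "drop", "insert"}
OPERATORS = set("=<>!+-*/%|&")
def tokenize(s):
    """Map an SQL-ish string to token-type letters (simplified scheme, not libinjection's):
    s=string, n=number, v=word, k=keyword, o=operator, c=comment, ( ) , ; themselves."""
    out, i, n = [], 0, len(s)
    while i < n:
        ch = s[i]
        if ch.isspace():
            i += 1
        elif ch in "'\"":
            j = s.find(ch, i + 1)                # unterminated string runs to the end
            i = n if j < 0 else j + 1
            out.append("s")
        elif s.startswith("--", i) or ch == "#":
            out.append("c")                      # line comment swallows the rest
            i = n
        elif ch.isdigit():
            while i < n and (s[i].isdigit() or s[i] == "."):
                i += 1
            out.append("n")
        elif ch.isalpha() or ch == "_":
            j = i
            while j < n and (s[j].isalnum() or s[j] == "_"):
                j += 1
            out.append("k" if s[i:j].lower() in KEYWORDS else "v")
            i = j
        elif ch in OPERATORS:
            j = i
            while j < n and s[j] in OPERATORS:   # "<=", "!=", "||" are one token
                j += 1
            out.append("o")
            i = j
        elif ch in "(),;":
            out.append(ch)
            i += 1
        else:
            i += 1                               # ignore anything else
    return out

def fingerprint(s, width=5):
    return "".join(tokenize(s)[:width])          # first few token types are the key
# Constructed deny-list for this example; libinjection ships a large curated one.
KNOWN_SQLI = {"sksos", "sc", "nknon", "n;kvv"}

def is_sqli(user_input):
    """Check the input as typed and as if it had landed inside a quoted string."""
    return any(fingerprint(c) in KNOWN_SQLI
               for c in (user_input, "'" + user_input, '"' + user_input))
```

Trying the quoted contexts is what lets a value such as a name with an apostrophe pass while a quote-breaking payload is still caught: the fingerprint describes structure, not specific strings.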