Trials and Tribulations in Applying Lang Sec presented at ToorCamp 2014

by Joe Rozner and Stephen Weinberg

Summary: The goal of Language-Theoretic Security, or Lang Sec, is to identify and stop security flaws that exist because an application accepts invalid input, or accepts valid input that causes unexpected behavior in the host application. The former is nothing new and something we have seen for decades. The latter, however, is more interesting and harder to detect completely; these occurrences have been dubbed weird machines by the language security community.
One common attack we have identified that directly represents both cases is SQL injection. It takes advantage of a host application accepting invalid user data, and of the application accepting valid input that controls its execution in unexpected ways, such as modifying a query to return a malicious result set or using boolean logic to extract data or information about the database. Through syntactic and semantic analysis it is possible to ensure that all input adheres to a ruleset the developer defines, fixing these problems.
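As an added example (not code from the talk or its authors), the following Python script shows both injection cases against an in-memory SQLite table: an unterminated quote that the database rejects (invalid input) and a boolean tautology the database happily executes (valid input, wrong program). It then applies a Lang Sec-style recognizer that tokenizes the composed query and accepts it only if its structure matches the shape the developer defined from the template. The table contents, the query template and the function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the talk).
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "O'Brien")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


# Tokenizer for the small SQL subset used here. String literals follow the
# SQL convention of doubling an embedded quote ('' inside '...').
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<punct>[=<>!]+|[(),;*])
""", re.VERBOSE)


class QueryRejected(Exception):
    """Raised when the recognizer refuses a composed query."""


def tokenize(sql):
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:  # e.g. an unterminated string literal: invalid input
            raise QueryRejected("cannot tokenize at offset %d: %r" % (pos, sql[pos:pos + 10]))
        if m.lastgroup != "ws":
            tokens.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return tokens


def shape(sql):
    """Token-level structure of a query with literal values abstracted away."""
    return tuple((kind, None) if kind in ("string", "number") else (kind, text.upper())
                 for kind, text in tokenize(sql))


TEMPLATE = "SELECT id, name FROM users WHERE name = '{}'"
# Developer-defined rule: the finished query must have exactly the shape of the
# template with a single string literal in the slot.
EXPECTED_SHAPE = shape(TEMPLATE.format("placeholder"))


def compose(name, escape):
    value = name.replace("'", "''") if escape else name
    return TEMPLATE.format(value)


def check_shape(sql):
    """Recognizer: accept the query only if input did not change its structure."""
    if shape(sql) != EXPECTED_SHAPE:
        raise QueryRejected("input changed the structure of the query")
    return sql


def lookup_unchecked(conn, name):
    """Vulnerable path: raw concatenation straight to the database."""
    return conn.execute(compose(name, escape=False)).fetchall()


def lookup_checked(conn, name, escape=True):
    """Hardened path: the composed query must pass the recognizer first."""
    sql = check_shape(compose(name, escape))
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_unchecked(db, "alice"))            # one row
    print(lookup_unchecked(db, "' OR '1'='1"))      # every row: valid SQL, unintended program
    try:
        lookup_unchecked(db, "'")                   # invalid input: the database errors out
    except sqlite3.OperationalError as e:
        print("database error:", e)
    for bad in ("' OR '1'='1", "'"):
        try:
            lookup_checked(db, bad, escape=False)   # both cases stopped before execution
        except QueryRejected as e:
            print("rejected:", e)
    print(lookup_checked(db, "O'Brien"))            # escaped quote stays one literal
```

The shape check is deliberately independent of escaping: with correct escaping the tautology collapses into one harmless string literal and passes, while any composition bug that lets input add tokens (a second literal, an `OR`, a `;`) is caught because the token stream no longer matches the template. A production recognizer would compare full parse trees rather than token kinds, but the principle is the same: the developer states the only structure the query may have, and everything else is rejected before it reaches the database.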
The last segment looks directly at the implementation of our solution to this attack and shares some of the successes and failures we have had along the way. We will look at the common tooling that exists and our experiences with it, explaining what we have found works and what does not.