Slashdot Mirror


Kaminsky Offers Injection Antidote

ancientribe passes along this excerpt from DarkReading.com: "Life's too short to defend broken code. That's the reason renowned researcher Dan Kaminsky says he came up with a brand-new way to prevent pervasive SQL injection, cross-site scripting, and other injection-type flaws in software — a framework that lets developers continue to write code the way they always have, but with a tool that helps prevent them from inadvertently leaving these flaws in their apps. The tool, which he released today for input from the development and security community, basically takes the security responsibility off the shoulders of developers. Putting the onus on them hasn't worked well thus far, he says. Kaminsky's new tool is part of his new startup, Recursive Ventures."

4 of 244 comments

  1. mysql_real_escape_string() by bcmm · Score: 2, Funny

    This sounds an awful lot like a special version of mysql_real_escape_string() with extra buzzwords.

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
    1. Re:mysql_real_escape_string() by nacturation · Score: 5, Funny

      This sounds an awful lot like a special version of mysql_real_escape_string() with extra buzzwords.

      Soon to be deprecated and replaced by mysql_gosh_we_mean_it_this_time_escape_string()

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  2. Re:How is it different from what other frameworks by Anonymous Coward · Score: 1, Funny

    how is it ground breaking ?

    dude, it's a renowned researcher, and he's got a shovel.

  3. Re:This is advertisement, not a story by Rogerborg · Score: 1, Funny

    This is advertisement, not a story

    What part of "kdawson" is confusing you?

    --
    If you were blocking sigs, you wouldn't have to read this.