Secure Web Application Development

Could Interpolique from Recursion Ventures lead to more secure web applications? String injection flaws (which enable cross-site scripting, SQL injection and the like) still occur despite memory-safe languages and repeated encouragement to parameterize and escape strings. Developers still let inadequately sanitized strings through.

Interpolique attempts to:

  • *Retain* the boundary between code and data
  • *Translate* the string provided by the developer into one in which the receiving language (SQL, JavaScript) can unambiguously respect that boundary
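The two bullets describe what parameter binding already gives a developer who uses it: the value travels to the database separately from the query text, so the boundary between code and data survives. The following is an added example (not Interpolique's code and not from the original post) that contrasts a developer-built query with a bound one on a constructed in-memory SQLite table; the table, rows and function names are assumptions for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("O'Brien", "obrien@example.test")],
    )
    return conn


def find_email_concat(conn, name):
    """Developer-built query: the boundary between code and data is lost.

    The name is spliced into the SQL text, so any quote character in it is
    read by the database as SQL syntax rather than as data.
    """
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def find_email_bound(conn, name):
    """Parameter binding: the driver hands the value to the database apart
    from the query text, so it can never be reinterpreted as code."""
    row = conn.execute(
        "SELECT email FROM users WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


def compare(name):
    """Run both lookups on the same input.

    Returns (concat_result, bound_result); concat_result is the exception
    class name when the spliced query fails to parse.
    """
    conn = make_db()
    try:
        concat = find_email_concat(conn, name)
    except sqlite3.Error as exc:
        concat = type(exc).__name__
    bound = find_email_bound(conn, name)
    conn.close()
    return concat, bound


if __name__ == "__main__":
    for sample in ("alice", "O'Brien"):
        print(sample, "->", compare(sample))
```

The legitimate name `O'Brien` is enough to show the difference: the concatenated query no longer parses, because the apostrophe has become part of the SQL, while the bound query returns the row. Any input that breaks a concatenated query by accident can also be crafted on purpose, which is why the bound form is the one to ship.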


Web Security at Google Code University

Microsoft Anti-Cross Site Scripting Library V4.2 (AntiXSS V4.2) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks.
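An encoding library of this kind is useful because the right encoding depends on where in the page the value lands. The following is an added example, not AntiXSS itself (which is a .NET library) and not from the original post: it uses Python's standard `html` and `urllib.parse` modules plus a hand-written JavaScript string encoder, and the function names, the `render_profile` template and the sample inputs are assumptions made for the illustration.

```python
import html
import urllib.parse


def encode_html_text(value):
    """HTML element content: &, < and > must not be able to start markup."""
    return html.escape(value, quote=False)


def encode_html_attr(value):
    """Quoted attribute value: additionally neutralise both quote characters."""
    return html.escape(value, quote=True)


def encode_js_string(value):
    """JavaScript string literal: hex-escape everything that is not
    alphanumeric ASCII, so the value can neither close the literal nor the
    enclosing <script> element."""
    out = []
    for ch in value:
        code = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif code < 0x100:
            out.append("\\x%02X" % code)
        else:
            out.append("\\u%04X" % code)
    return "".join(out)


def encode_url_param(value):
    """Query-string parameter: percent-encode everything except unreserved
    characters, including '/'."""
    return urllib.parse.quote(value, safe="")


# One encoder per output context; picking by context is the whole point.
ENCODERS = {
    "html": encode_html_text,
    "attr": encode_html_attr,
    "js": encode_js_string,
    "url": encode_url_param,
}


def render_profile(display_name):
    """Emit the same untrusted value into four contexts, each through the
    encoder that matches that context."""
    return (
        '<p title="{attr}">{html}</p>\n'
        '<a href="/search?q={url}">search</a>\n'
        "<script>var who = '{js}';</script>"
    ).format(
        attr=ENCODERS["attr"](display_name),
        html=ENCODERS["html"](display_name),
        url=ENCODERS["url"](display_name),
        js=ENCODERS["js"](display_name),
    )


if __name__ == "__main__":
    print(render_profile("</script>"))
```

The JavaScript encoder is deliberately stricter than the HTML ones: HTML entity encoding is meaningless inside a script block, so a value placed in a JavaScript string needs its own encoding, and applying the wrong one is the usual way these libraries get misused.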

Microsoft Code Analysis Tool .NET (CAT.NET) v1 CTP (32-bit, 64-bit): CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.

PHP data sanitizing discussions at Stack Overflow (two separate threads).
