Arsenal
Intermediate
10:00 - 12:00
August 13, 2023
Yariv Tal
Pasteur enables forwarding mixed trusted/untrusted concatenated data so that it can be sanitized at the point of use, where the sanitization requirements are known, instead of at the point of input.
Examples: With Pasteur this classic SQL injection code

sql << pstr / "select email from demo.useremails where username = " + name + " and type=" + emailType;

is automatically converted into a parameterized SQL query.
This OS command injection code

System(pstr / "ping " + hostname)

automatically sanitizes the hostname parameter.
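The mechanism behind the two examples above, as an added illustration written for this page (it is not Pasteur's code and does not use its API): a string type that remembers which segments came from literals and which from runtime data, with the sanitization chosen only at the sink. The `pstr` tag, the `Tainted` class and the sinks `toParameterizedSql` and `toShellCommand` are names assumed here for the illustration; the sample `name`, `emailType` and `hostname` values are constructed attack inputs.

```cpp
// Added illustration, not Pasteur's own code: a minimal "tainted string" that
// records the provenance of each concatenated piece so the decision of how to
// sanitize is deferred to the point of use (SQL sink vs. shell sink).
#include <iostream>
#include <string>
#include <vector>

// One piece of the concatenated string plus where it came from.
struct Segment {
    std::string text;
    bool trusted;   // true: compile-time literal, false: runtime data
};

class Tainted {
public:
    std::vector<Segment> parts;

    // Assumption of this illustration: a `const char*` on the right of `+` is a
    // string literal (trusted) and a `std::string` is runtime data (untrusted).
    // A `const char*` obtained at runtime (e.g. s.c_str()) would slip through
    // this heuristic, so a real library needs a stronger distinction.
    Tainted operator+(const char* literal) const {
        Tainted t = *this;
        t.parts.push_back({literal, true});
        return t;
    }
    Tainted operator+(const std::string& data) const {
        Tainted t = *this;
        t.parts.push_back({data, false});
        return t;
    }
    Tainted operator+(char*) const = delete;   // reject mutable runtime buffers
};

// `pstr / "literal"` starts a tainted string from a trusted literal, mirroring
// the shape of the examples above (`/` binds tighter than `+`).
struct PstrTag {
    Tainted operator/(const char* literal) const {
        Tainted t;
        t.parts.push_back({literal, true});
        return t;
    }
};
const PstrTag pstr{};

struct ParamQuery {
    std::string sql;                   // query text with `?` placeholders
    std::vector<std::string> params;   // values to bind, in placeholder order
};

// SQL sink: trusted text is copied verbatim, every untrusted segment becomes a
// `?` placeholder and its value goes to the bound-parameter list. Placeholders
// are only valid in value positions; untrusted data in a table or column name
// position cannot be fixed this way and would be rejected by the database.
ParamQuery toParameterizedSql(const Tainted& t) {
    ParamQuery q;
    for (const Segment& s : t.parts) {
        if (s.trusted) {
            q.sql += s.text;
        } else {
            q.sql += '?';
            q.params.push_back(s.text);
        }
    }
    return q;
}

// POSIX single-quoting: inside '...' nothing is special except ' itself, which
// is emitted as '\'' (close the quote, escaped quote, reopen).
std::string shellQuote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''"; else out += c;
    }
    out += '\'';
    return out;
}

// Shell sink: trusted text verbatim, untrusted segments quoted as one word.
std::string toShellCommand(const Tainted& t) {
    std::string cmd;
    for (const Segment& s : t.parts) cmd += s.trusted ? s.text : shellQuote(s.text);
    return cmd;
}

int main() {
    // Constructed attack inputs for the demonstration.
    const std::string name = "bob' OR '1'='1";
    const std::string emailType = "work";
    ParamQuery q = toParameterizedSql(
        pstr / "select email from demo.useremails where username = " + name + " and type=" + emailType);
    std::cout << q.sql << "\n";   // placeholders instead of the injected text
    for (const std::string& p : q.params) std::cout << "  param: " << p << "\n";

    const std::string hostname = "8.8.8.8; rm -rf /";
    std::cout << toShellCommand(pstr / "ping " + hostname) << "\n";
    return 0;
}
```

The injected `' OR '1'='1` never reaches the query text: it travels as a bound parameter, which the database treats as a value. For the shell sink the `;` is inert inside the single quotes, so the whole attacker string is handed to ping as one argument. Note that the shell sink still assumes a POSIX shell; a Windows `cmd.exe` sink would need a different quoting routine.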
See more at https://github.com/SecureFromScratch/pasteur