Arsenal Intermediate 10:00 - 12:00 August 13, 2023

Yariv Tal

Pasteur enables forwarding concatenated data that mixes trusted and untrusted parts, so that it can be sanitized at the point of use, where the sanitization requirements are known, instead of at the point of input.

Examples: With Pasteur, this classic SQL-injection-prone code

sql << pstr / "select email from demo.useremails where username = " + name + " and type=" + emailType;

is automatically converted into a parameterized SQL query.

Likewise, this OS-command-injection-prone code

System(pstr / "ping " + hostname)

automatically sanitizes the hostname parameter.
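As an added illustration of the idea behind both examples above (this is not Pasteur's own code or API), the C++ sketch below keeps track of which segments of a concatenated string came from literals and which from runtime values, so that the SQL sink can emit a parameterized query and the shell sink can quote the untrusted part. The names MixedString, toParameterizedSql and toShellCommand are this example's own, not Pasteur's.

```cpp
#include <string>
#include <vector>

// Added illustration of deferring sanitization to the point of use; not Pasteur's own
// code. A MixedString keeps trusted literals and untrusted runtime values as separate
// segments instead of flattening them into one std::string.
struct Segment { std::string text; bool trusted; };
class MixedString {
public:
    // Start from a trusted literal, like the page's `pstr / "..."` form.
    static MixedString trusted(const char* lit) { return MixedString() + lit; }
    // Appended string literals stay trusted (simplification: any const char* counts as a
    // literal here; a real implementation would accept only compile-time literals).
    MixedString operator+(const char* lit) const { return append({lit, true}); }
    // Runtime std::string values (user input, request fields) are untrusted.
    MixedString operator+(const std::string& value) const { return append({value, false}); }
    const std::vector<Segment>& segments() const { return segs_; }
private:
    MixedString append(Segment s) const { MixedString out = *this; out.segs_.push_back(s); return out; }
    std::vector<Segment> segs_;
};

// SQL sink: trusted text becomes the query, each untrusted segment becomes a "?"
// placeholder whose value travels out of band as a bound parameter.
struct ParamQuery { std::string sql; std::vector<std::string> params; };
ParamQuery toParameterizedSql(const MixedString& m) {
    ParamQuery q;
    for (const Segment& s : m.segments()) {
        if (s.trusted) q.sql += s.text;
        else { q.sql += "?"; q.params.push_back(s.text); }
    }
    return q;
}

// Shell sink: untrusted segments are single-quoted so metacharacters stay literal;
// an embedded quote becomes '\'' (close quote, escaped quote, reopen quote).
std::string toShellCommand(const MixedString& m) {
    std::string cmd;
    for (const Segment& s : m.segments()) {
        if (s.trusted) { cmd += s.text; continue; }
        cmd += '\'';
        for (char c : s.text) cmd += (c == '\'') ? std::string("'\\''") : std::string(1, c);
        cmd += '\'';
    }
    return cmd;
}

// The two sinks from the page, rewritten against MixedString.
ParamQuery buildUserEmailQuery(const std::string& name, const std::string& emailType) {
    return toParameterizedSql(MixedString::trusted("select email from demo.useremails where username = ")
                              + name + " and type=" + emailType);
}
std::string buildPingCommand(const std::string& host) { return toShellCommand(MixedString::trusted("ping ") + host); }
```

The query text never contains the runtime values, so a value such as a stray quote reaches the database only as a bound parameter, and the shell never sees an unquoted separator in the hostname.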

See more at https://github.com/SecureFromScratch/pasteur

Yariv Tal

Security Aware Developers Mentor

A senior developer turned security researcher, with 4 decades of programming experience, university lecturing and mentoring at bootcamps, he brings a fresh look at the world of security, as an outsider looking in.