Strong typing for a secure web
Henri Binsztok, CEO of MLstate
Abstract:
The web applications are an example of where obtaining tangible security guarantees is often a difficult task. Usual web platforms commonly require the use of three or four different programming languages together with their respective execution environments and configuration. While each language separately is already a source of vulnerabilities, the combination of several languages designed independently of each other in practice created insurmountable difficulties for the non-expert programmer, and potentially as many security vulnerabilities exploitable by an attacker. Noting that the vast majority of attacks use a small number of conventional techniques (buffer overflows, script injection, trapping by malicious code ...), we will present a range of methods to prevent the main sources vulnerability of web servers and the resulting OPA technology developed at MLstate upon these principles. More info @ http://mlstate.com