Web applications are increasingly popular victims of security attacks. Injection attacks, such as Cross Site Scripting or SQL Injection, are a persistent problem. Even though developers are aware of them, the suggested best practices for protection are error prone: unless all user input is consistently filtered, any application may be vulnerable. When hosting web applications, administrators fa...

Web applications are becoming an essential part of our everyday lives. Many of our activities are dependent on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as SQL injection are major security challenges for developers today. This paper presents the technique of automatic query sanitization to automatically remove ...

Code reuse and code injection attacks have become the popular techniques for advanced persistent threat (APT) to bypass exploit-mitigation mechanisms deployed in modern operating systems. Meanwhile, complex, benign programs such as Microsoft Office employ many advanced techniques to improve the performance. Code execution patterns generated by these techniques are surprisingly similar to exploi...

In this paper, we apply a well-known measure from information theory domain called Kullback-Leibler distance (or divergence) (KLD) to detect the symptoms of code injection attacks early during programme runtime. We take advantage of the observation that during code injection attack, the intended structure deviates from the expected structure. The KLD can be a suitable measure to capture the dev...

HTML5-based mobile apps become more and more popular, mostly because they are much easier to be ported across different mobile platforms than native apps. HTML5-based apps are implemented using the standard web technologies, including HTML5, JavaScript and CSS; they depend on some middlewares, such as PhoneGap, to interact with the underlying OS. Knowing that JavaScript is subject to code injec...

A technique commonly used by malware for hiding on a targeted system is the host-based code injection attack. It allows malware to execute its code in a foreign process space enabling it to operate covertly and access critical information of other processes. Since there exists a plethora of different ways for injecting and executing code in a foreign process space, a generic approach spanning a...