acm-header
Sign In

Communications of the ACM

ACM News

Kaminsky Issues Developer Tool To Kill Injection Bugs


Renowned security researcher Dan Kaminsky today went public with the launch of a new venture as well as its first deliverable--a tool for application developers that helps prevent pervasive string injection-type attacks, such as SQL injection and cross-site scripting (XSS).

Kaminsky says his New York-based startup, Recursion Ventures, will productize research that breaks new ground in both security and technology, in general. His first deliverable is Interpolique, a tool that offloads much of the security responsibility from the developer, which he considers crucial to yielding more secure applications. "Security development tends not to care how inconvenient it is for developers," Kaminsky says. "[This is] about meeting developers halfway."

The trouble with today's model for writing more secure code and sidestepping known injection attacks, Kaminsky says, is it makes development much more difficult and requires more work for developers. The result: Developers often don't bother adopting these practices at all, resulting in insecure code, he says. "A lot of advice we give in security tells people to write things in a way that makes code hard to work with and use ... I think that's unnecessary," he says. "Our hope is to make an easier way to write code that's also the most secure."

From Dark Reading
View Full Article


 

No entries found