Eliminating Input-Based Attacks by Deriving Automated Encoders and Decoders from Context-Free Grammars

Explore a 25-minute IEEE conference talk that delves into eliminating input-based attacks through automated encoder and decoder derivation from context-free grammars. Learn about McHammerCoder, an innovative (un)parser and encoding generator supporting both textual and binary languages. Discover how this tool automatically applies generated encodings derived from language grammars, effectively preventing injections without manual encoding definition. Gain insights into improving software system security by addressing vulnerabilities arising from complex communication languages, including arbitrary code execution and cross-site scripting in HTML and JSON. Understand the importance of correct parsing and unparsing in developing secure and reliable systems, and how McHammerCoder provides developers with proper input and output handling code for custom languages.

Eliminating Input-Based Attacks by Deriving Encoders and Decoders from CFGs