Shotgun Parsers in the Cross-Hairs
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore a critical security talk from BruCON Security Conference that delves into the dangers of "shotgun parsers" in code that handles input data. Learn why these parsers, which mix data processing and recognition throughout a codebase, are considered the primary cause of widespread insecurity in internet-facing programs. Examine examples of shotgun parsers across TCP/IP stack layers and their associated exploits. Discover a principled approach to building recognizers that can help eliminate these vulnerabilities. Gain practical insights on applying the "full recognition before processing" axiom using tools like the Hammer parsing library and the Ragel state machine compiler. Understand how proper input handling and recognition can protect against memory corruption and other security threats in software development.
Syllabus
Shotgun parsers in the cross-hairs
Taught by
BruCON Security Conference
Related Courses
Introduction to Internetworking with TCP/IP
openHPI
Computer Networks
University of Washington via Coursera
Networking for Web Developers
Udacity
Computer Networks and the Internet
Kiron via edX
Introduction to TCP/IP
Yonsei University via Coursera