Buggy parsers are an important source of security vulnerabilities in software: many attacks use malicious inputs designed to exploit parser bugs. Some security flaws in input handling do not exploit parser bugs, but exploit correct—albeit unexpected—parsing of inputs caused by the forwarding of inputs between systems or components. This article, based on an earlier workshop paper, discusses anti-patterns and remedies for this type of flaw, including the anti-pattern mentioned in the title.
Article Section: SECURITY
;login: issue: