Some progress/ some frustration

Florian Thiel — Tue, 16 Dec 2008 19:06:35 +0000

The Computer Security department of TU Berlin kindly agreed to host a presentation about my diploma thesis on Tuesday, Dec 18th. I was able to talk to a very technically versed audience about my (not so) new technical approach to XSS and SQLIA (“let the framework take care of it”). Thanks a lot, guys!

Despite the fruitful discussion I’m still not sure about the feasibility of a “rich types in frameworks” solution. There’s not too much to be gained over a conservative approach used in e.g. Django (escape everything, use other markup languages than HTML).

Nevertheless, here’s the presentation…

2 Roads to Redemption – Thoughts on XSS and SQLIA

View SlideShare document or Upload your own. (tags: sqlia xss)

Open Source, Processes, Web Security and my thesis

Florian Thiel — Thu, 06 Nov 2008 12:09:14 +0000

I’m in the process of writing my Diploma Thesis about how to prevent injection-related (XSS and SQLIA) vulnerabilities at the Software Engineering working group of the computer science department at Freie Universität Berlin.

For now, there’s not much to see here. Please have a look at the wiki page about my thesis and a concept presentation I gave at the department on 11/06/2008:

Whatever it takes – Fixing SQLIA and XSS in the process

View SlideShare presentation or Upload your own. (tags: xss sqlia)

Check back soon, I’ll update the page with early draft versions of the thesis. There will also be articles about selected topics of my research in the blog.

subtitles » diploma thesis

Some progress/ some frustration

Open Source, Processes, Web Security and my thesis