
Curing the Vulnerable Parser: Design Patterns for Secure Input Handling (2017) [pdf] - DyslexicAtheist
https://www.usenix.org/system/files/login/articles/login_spring17_08_bratus.pdf
======
WallWextra
I am betraying my ignorance with this question, but: On the last page, the
authors claim that SQL queries are commonly constructed by concatenating
strings. Was this still, in fact, common in 2017? If it was, that's very
scary.

~~~
daotoad
Injection is the #1 class of bug in the OWASP top 10 for 2017.

https://www.owasp.org/index.php/Top_10-2017_A1-Injection

Is there any escape?

