查看文章

Input-handling vulnerabilities have been a constant source of security problems for decades. Many famous recent bugs are in fact input-handling bugs. We argue that the techniques for writing parsers in its present form are insufficient, and hence we propose a new pattern. In this tutorial, we will show participants a new design pattern for designing and implementing parsers using this new method. Participants will witness how this new method leads to more readable code that is easier to audit - while also inherently preventing many input-handling mistakes and having a small CPU footprint.