Input-based attacks like Buffer Overflows, Cross-Site Scripting (XSS), and XXE are common in today’s software. And they do not go away. But why is that? Shouldn’t one assume that existing frameworks handle input correctly, and free developers from struggling with correctly implementing input handling over and over again? Sadly, the answer is no.
In this post I wrap up some ideas of Language Security (LangSec) that find a general solution to this problem and provide some tools to fix it.
Read more at Dev.to