Towards programming languages free of injection-based vulnerabilities by design

Injection attacks (SQL or other) are still all too common, and for good reason: the vulnerability stems from the structure of the languages themselves. In this presentation, I will discuss the applications of theoretical work on the definition of injection vulnerabilities, and I will show that it is possible to create languages that are not vulnerable to these attacks. I will use an example to illustrate this: slight modifications to the LDAP language make it possible to obtain a more secure version.