The presentation discusses injection vulnerabilities in code written in the Tcl language and provides tools for detecting and preventing them.
- The Tcl language is loosely defined and vulnerable to injection attacks
- The presenter provides a tool for detecting injection vulnerabilities in Tcl code
- Unit testing with the tool 'TesTcl' can help catch bugs in Tcl code
- Code review is important for preventing injection attacks in Tcl code
The presenter discusses a tool called 'iRule Detector', which can replace every field in a request and detect injection vulnerabilities. The tool has found many vulnerabilities in open source code without requiring manual review.
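To make the static-detection and code-review points concrete, here is an added example (not the presenter's tool and not code from the talk): a small Python check that flags Tcl `expr` and `eval` calls whose argument is not brace-quoted and contains a `$` or `[` substitution. Such arguments are substituted once by the Tcl parser and again by the command, so data can end up evaluated as code. The function name, the choice of these two commands, and the sample source are assumptions of this example.

```python
import re

# Assumption of this example: only `expr` and `eval` are checked.
# The lookbehind skips variables ($expr) and longer names (myexpr, ns::eval).
_CMD = re.compile(r'(?<![\w:$.])(expr|eval)[ \t]+')


def find_unbraced(source):
    """Return (line_no, command, argument) for each unbraced call that
    contains a $variable or [command] substitution.

    Line-based heuristic, not a Tcl parser: it can misfire on string
    literals and does not follow continuation lines.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith('#'):          # comment line
            continue
        for m in _CMD.finditer(stripped):
            rest = stripped[m.end():]
            if rest.startswith('{'):          # braced: substituted only once
                continue
            # The argument ends at the closing bracket or command separator.
            arg = re.split(r'[\];]', rest, maxsplit=1)[0].strip()
            if '$' in arg or '[' in arg:
                findings.append((line_no, m.group(1), arg))
    return findings


# Constructed sample source for the example.
SAMPLE = '''\
set total [expr $qty * $price]
set total [expr {$qty * $price}]
# eval $cmd  (commented out)
eval $handler $arg
set n [expr 1 + 2]; puts $total
eval {puts done}
'''

if __name__ == '__main__':
    for line_no, cmd, arg in find_unbraced(SAMPLE):
        print(f'line {line_no}: unbraced {cmd} argument: {arg}')
```

Each finding is a candidate for review: the usual fix is to brace the expression, as on line 2 of the sample.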