Developed by Dr Sergey Bratus, Meredith L. Patterson, and the late Len Sassaman, LangSec theory seeks to address these and other problems:
1. Every piece of software has a way to recognize valid requests and reject invalid or malicious ones. The problem is that the way the software does this often has no internal logic, is spread throughout the program, and is interspersed with processing logic (a “shotgun parser”). This exposes the processing logic to exploitation and leads programmers to false assumptions about data safety.
2. When a piece of software accepts imprecise requests, it requires the allocation of more computing power. This unneeded computing power is a gift to attackers looking to inject bad code. Precise language parsing reduces the computing power needed, and power that is not there cannot be hijacked.
3. Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on.
4. Software protocols and file formats that can be mimicked by an attacker are the worst offenders, because it is impossible for them to draw a distinction between valid and malicious input. Such Turing-complete input languages destroy security for generations of users.
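The contrast between a shotgun parser (point 1) and a single, bounded recognizer (points 2 and 3) is easiest to see on a concrete format. The following is an added example, not code from Bratus, Patterson or Sassaman, and the `NAME:VALUE` line format, the `MAX_RECORDS` bound and both parsers are constructed for illustration. The shotgun version interleaves recognition with processing, so by the time it notices a malformed line it has already applied earlier records and has silently accepted an out-of-range value; the recognizer decides membership in the language in one place, before anything is processed, so a reject leaves no trace.

```python
"""Shotgun parser vs. LangSec-style recognizer for a tiny config format.

Constructed input language (one record per line):  NAME ':' VALUE
  NAME  = [A-Za-z_][A-Za-z0-9_]*
  VALUE = decimal integer in 0..65535
  at most MAX_RECORDS lines
Both parsers and the format are illustrative, not from any real project.
"""
import re
from typing import Dict, List, Optional, Tuple

MAX_RECORDS = 8  # constructed bound: the accepted language is finite, so work per message is bounded


# --- 1. Shotgun parser: recognition scattered through the processing loop ---

def shotgun_apply(message: str, state: Dict[str, int]) -> Optional[str]:
    """Parse and apply records in one pass. Returns an error string or None.

    Typical shotgun-parser defects, deliberately left in:
      * each record is applied before the whole message is known to be valid,
        so a malformed line leaves `state` partially updated;
      * the "grammar" is implied by partition()/strip()/int(), so 'flags:1:2'
        is split as name 'flags', value '1:2' and only fails late inside int(),
        and 'port: 70000' is accepted because no range check exists here at all.
    """
    for lineno, line in enumerate(message.split("\n"), 1):
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        name = name.strip()
        try:
            state[name] = int(value)  # side effect happens before validation is complete
        except ValueError:
            return f"line {lineno}: bad value {value!r}"
    return None


# --- 2. Recognizer: one place decides whether the input is in the language ---

_RECORD = re.compile(r"([A-Za-z_][A-Za-z0-9_]*):(\d{1,5})")


def recognize(message: str) -> List[Tuple[str, int]]:
    """Accept `message` only if it is a sentence of the input language.

    Returns the fully validated record list or raises ValueError naming the
    first offending line. No application state is touched here: recognition
    strictly precedes processing, so rejection has no side effects.
    """
    lines = [ln for ln in message.split("\n") if ln != ""]
    if len(lines) > MAX_RECORDS:
        raise ValueError(f"too many records ({len(lines)} > {MAX_RECORDS})")
    records: List[Tuple[str, int]] = []
    for lineno, line in enumerate(lines, 1):
        m = _RECORD.fullmatch(line)  # whole line must match; no stray whitespace or colons
        if m is None:
            raise ValueError(f"line {lineno}: not a record: {line!r}")
        value = int(m.group(2))
        if value > 65535:
            raise ValueError(f"line {lineno}: value out of range: {value}")
        records.append((m.group(1), value))
    return records


def safe_apply(message: str, state: Dict[str, int]) -> bool:
    """Apply records only after the complete message has been recognized."""
    try:
        records = recognize(message)
    except ValueError:
        return False  # state is untouched on reject
    for name, value in records:
        state[name] = value
    return True


if __name__ == "__main__":
    bad = "port:8080\ntimeout:30\nflags:1:2\n"  # constructed malformed message
    s1: Dict[str, int] = {}
    print("shotgun   :", shotgun_apply(bad, s1), s1)  # error, but port/timeout already applied
    s2: Dict[str, int] = {}
    print("recognizer:", safe_apply(bad, s2), s2)  # False, {}
```

The recognizer also shows what "precise" buys in point 2: its language is regular and bounded by `MAX_RECORDS`, so the work done on any message is fixed in advance, whereas the shotgun version will happily loop over an unbounded number of lines and apply each one.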