Explore a critical security vulnerability in CSV data handling through this 15-minute conference presentation from WOOT '25. Learn about formula injection attacks that exploit the lack of separation between data and text in CSV format, allowing malicious formulas to execute when imported into spreadsheet applications like Microsoft Excel. Discover how researchers analyzed eight spreadsheet applications and four libraries to assess security protections, revealing significant gaps in defense mechanisms. Understand the development and application of CSVScan, a static analysis tool designed to detect user-controlled input reaching CSV exports in open-source Java applications. Examine real-world findings where researchers identified eight applications with risky code patterns, including four that proved vulnerable in realistic attack scenarios where unprivileged users could target higher-privileged users. Gain insights into the security implications for sensitive industries including finance, supply chain management, and human resources that rely heavily on CSV data exchange and spreadsheet analysis.