Results 1 - 10 of 103
Sound and Precise Analysis of Web Applications for Injection Vulnerabilities
PLDI'07, 2007
Cited by 161 (5 self)
Abstract: Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker exploits faulty application code to execute maliciously crafted database queries. Both static and dynamic approaches have been proposed to detect or prevent SQL injections; ...
Finding Security Vulnerabilities in Java Applications with Static Analysis
2005
Cited by 169 (3 self)
Abstract: This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of ...
MUSIC: Mutation-based SQL Injection Vulnerability Checking
The Eighth International Conference on Quality Software, 2008
Cited by 12 (3 self)
Abstract: SQL injection is one of the most prominent vulnerabilities for web-based applications. Exploitation of SQL injection vulnerabilities (SQLIV) through successful attacks might result in severe consequences such as authentication bypassing, leaking of private information etc. Therefore, testing an ...
VULNERABILITIES
Abstract: Over the past few years, injection vulnerabilities have become the primary target for remote exploits. SQL injection, command injection, and cross-site scripting are some of the popular attacks that exploit these vulnerabilities. Many web applications written in ASP suffer from injection ...
Abstract (continued): ... a control flow graph is constructed based on the use of data flow analysis of the relevant information, taint data propagate to various kinds of vulnerability functions, and the XSS or SQL injection vulnerability is detected in the web application's source code. Results show the benefits of the tool ...
SQL-IDS: a specification-based approach for SQL-injection detection
Proceedings of the 2008 ACM Symposium on Applied Computing (SAC'2008), 2008
Cited by 21 (0 self)
Abstract: Vulnerabilities in web applications allow malicious users to obtain unrestricted access to private and confidential information. SQL injection attacks rank at the top of the list of threats directed at any database-driven application written for the Web. An attacker can take advantage of web application programming security flaws and pass unexpected malicious SQL statements through a web application for execution by the back-end database. This paper proposes a novel specification-based methodology for the detection of exploitations of SQL injection vulnerabilities. The new approach ...
Using parse tree validation to prevent SQL injection attacks
Proceedings of the International Workshop on Software Engineering and Middleware (SEM) at Joint FSE and ESEC, 2005
Cited by 83 (1 self)
Abstract: An SQL injection attack targets interactive web applications that employ database services. Such applications accept user input, such as form fields, and then include this input in database requests, typically SQL statements. In SQL injection, the attacker provides user input that results in a ...
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
Abstract: Recent studies have shown that SQL injection attacks have been a major threat to web applications. Via carefully crafted user input, attackers can expose or manipulate contents of the back-end database of a web application. This paper outlines the design of a static analysis framework (called SAFELI) for identifying SQL injection vulnerabilities of a web application at compile time. SAFELI statically inspects the MSIL bytecode of an ASP.NET web application, using symbolic execution. At each hot-spot that submits SQL statements, based on a collection of attack patterns represented using regular expressions, a ...
Toward Automated Detection of Logic Vulnerabilities in Web Applications
Cited by 41 (4 self)
Abstract: Web applications are the most common way to make services and data available on the Internet. Unfortunately, with the increase in the number and complexity of these applications, there has also been an increase in the number and complexity of vulnerabilities. Current techniques to identify security problems in web applications have mostly focused on input validation flaws, such as cross-site scripting and SQL injection, with much less attention devoted to application logic vulnerabilities. Application logic vulnerabilities are an important class of defects that are the result of faulty application ...
Automatic Generation of XSS and SQL Injection Attacks with Goal-directed Model Checking
Cited by 38 (0 self)
Abstract: Cross-site scripting (XSS) and SQL injection errors are two prominent examples of taint-based vulnerabilities that have been responsible for a large number of security breaches in recent years. This paper presents QED, a goal-directed model-checking system that automatically generates attacks ...
Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis
Proceedings of the 35th International Conference on Software Engineering (ICSE '13), 2013
Cited by 7 (0 self)
Abstract: In previous work, we proposed a set of static attributes that characterize input validation and input sanitization code patterns. We showed that some of the proposed static attributes are significant predictors of web application vulnerabilities related to SQL injection and cross site ...