Results 1 - 10 of 169

Sound and Precise Analysis of Web Applications for Injection Vulnerabilities

by Gary Wassermann, Zhendong Su - PLDI'07 , 2007
"... Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker exploits faulty application code to execute maliciously crafted database queries. Both static and dynamic approaches have been proposed to detect or prevent SQL injections; w ..."
Abstract - Cited by 161 (5 self)

AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks

by William G. J. Halfond, et al. - ASE'05 , 2005
"... The use of web applications has become increasingly popular in our routine activities, such as reading the news, paying bills, and shopping on-line. As the availability of these services grows, we are witnessing an increase in the number and sophistication of attacks that target them. In particular, ..."
Abstract - Cited by 148 (8 self)
SQL injection, a class of code-injection attacks in which specially crafted input strings result in illegal queries to a database, has become one of the most serious threats to web applications. In this paper we present and evaluate a new technique for detecting and preventing SQL injection attacks

MUSIC: Mutation-based SQL Injection Vulnerability Checking

by Hossain Shahriar, Mohammad Zulkernine - THE EIGHTH INTERNATIONAL CONFERENCE ON QUALITY SOFTWARE , 2008
"... SQL injection is one of the most prominent vulnerabilities for web-based applications. Exploitation of SQL injection vulnerabilities (SQLIV) through successful attacks might result in severe consequences such as authentication bypassing, leaking of private information etc. Therefore, testing an appl ..."
Abstract - Cited by 12 (3 self)

Finding Security Vulnerabilities in Java Applications with Static Analysis

by V. Benjamin Livshits , Monica S. Lam , 2005
"... This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of securi ..."
Abstract - Cited by 169 (3 self)

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)

by Nenad Jovanovic, Christopher Kruegel, Engin Kirda - IN 2006 IEEE SYMPOSIUM ON SECURITY AND PRIVACY , 2006
"... The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated so ..."
Abstract - Cited by 212 (23 self)
solutions has become evident. In this paper, we address the problem of vulnerable Web applications by means of static source code analysis. More precisely, we use flow-sensitive, interprocedural and context-sensitive data flow analysis to discover vulnerable points in a program. In addition, alias

The essence of command injection attacks in web applications

by Zhendong Su , 2006
"... Web applications typically interact with a back-end database to retrieve persistent data and then present the data to the user as dynamically generated output, such as HTML web pages. However, this interaction is commonly done through a low-level API by dynamically constructing query strings within ..."
Abstract - Cited by 185 (5 self)
to generate unintended output. This is called a command injection attack, which poses a serious threat to web application security. This paper presents the first formal definition of command injection attacks in the context of web applications, and gives a sound and complete algorithm for preventing them

VULNERABILITIES

by L. Venkata Satyanarayana
"... Abstract — Over the past few years, injection vulnerabilities have become the primary target for remote exploits. SQL injection, command injection, and cross-site scripting are some of the popular attacks that exploit these vulnerabilities. Many web applications written in ASP suffer from injection ..."
Abstract
A control flow graph is constructed using data flow analysis of the relevant information; taint data are propagated to the various kinds of vulnerability functions in order to detect XSS or SQL injection vulnerabilities in a web application's source code. Results show the benefits of the tool

Countering Code-Injection Attacks With Instruction-Set Randomization

by Gaurav S. Kc - In Proceedings of the ACM Computer and Communications Security (CCS) Conference , 2003
"... We describe a new, general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoff’s principle, by creating process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does ..."
Abstract - Cited by 234 (26 self)
and interpreted languages, e.g., web-based SQL injection. We demonstrate this by modifying the Perl interpreter to permit randomized script execution. The performance penalty in this case is minimal. Where our proposed approach is feasible (i.e., in an emulated environment, in the presence of programmable

Automatically hardening web applications using precise tainting

by Anh Nguyen-tuong, Salvatore Guarnieri, Doug Greene, David Evans - In 20th IFIP International Information Security Conference , 2005
"... Most web applications contain security vulnerabilities. The simple and natural ways of creating a web application are prone to SQL injection attacks and cross-site scripting attacks (among other less common vulnerabilities). In response, many tools have been developed for detecting or mitigating com ..."
Abstract - Cited by 191 (3 self)

vulnerabilities in Web applications

by Angelo Ciampa, Corrado Aaron Visaggio, Massimiliano Di Penta
"... A heuristic-based approach for detecting SQL-injection ..."
Abstract