Proceedings Article, DOI: 10.1109/COMPSAC.2007.43
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen, Kai Qian, Lixin Tao
- 24 Jul 2007
- Vol. 1, pp 87-96
TL;DR: The construction and design of a static analysis framework (called SAFELI) for identifying SIA vulnerabilities at compile time is proposed, which has the future potential to discover more delicate SQL injection attacks than black-box Web security inspection tools.
Abstract: Recently, the SQL injection attack (SIA) has become a major threat to Web applications. Via carefully crafted user input, attackers can expose or manipulate the back-end database of a Web application. This paper proposes the construction and outlines the design of a static analysis framework (called SAFELI) for identifying SIA vulnerabilities at compile time. SAFELI statically inspects the MSIL bytecode of an ASP.NET Web application using symbolic execution. At each hotspot that submits a SQL query, a hybrid constraint solver is used to find the corresponding user input that could lead to a breach of information security. Once completed, SAFELI has the potential to discover more delicate SQL injection attacks than black-box Web security inspection tools.
Citations
Automatic creation of SQL Injection and cross-site scripting attacks
Adam Kiezun, Philip J. Guo, Karthick Jayaraman, Michael D. Ernst
- 16 May 2009
TL;DR: This work presents a technique for finding security vulnerabilities in Web applications by analyzing the input to the application to access or modify user data and execute malicious code.
HAMPI: a solver for string constraints
Adam Kiezun, Vijay Ganesh, Philip J. Guo, Pieter Hooimeijer, Michael D. Ernst
- 19 Jul 2009
TL;DR: Hampi, a solver for string constraints over fixed-size string variables that is expressive and efficient, and can be successfully applied to testing and analysis of real programs.
Path Feasibility Analysis for String-Manipulating Programs
Nikolaj Bjørner, Nikolai Tillmann, Andrei Voronkov
- 27 Mar 2009
TL;DR: Results on the complexity of the problem of path feasibility for programs manipulating strings using a collection of standard string library functions, including its undecidability in the general case and decidability of some special cases are proved.
A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques
Diallo Abdoulaye Kindy, Al-Sakib Khan Pathan
- 14 Jun 2011
TL;DR: A detailed review of various types of SQL injection attacks, vulnerabilities, and prevention techniques is presented, and future expectations and possible development of countermeasures against SQL injection attacks are noted down.
Detecting web attacks with end-to-end deep learning
TL;DR: The results show that the proposed approach can efficiently and accurately detect attacks, including SQL injection, cross-site scripting, and deserialization, with minimal domain knowledge and little labeled training data.
References
Graph-Based Algorithms for Boolean Function Manipulation
TL;DR: In this paper, the authors present a data structure for representing Boolean functions and an associated set of manipulation algorithms, which have time complexity proportional to the sizes of the graphs being operated on, and hence are quite efficient as long as the graphs do not grow too large.
Symbolic execution and program testing
TL;DR: A particular system called EFFIGY which provides symbolic execution for program testing and debugging is described, which interpretively executes programs written in a simple PL/I style programming language.
Symbolic model checking: 10^20 states and beyond
Jerry R. Burch, Edmund M. Clarke, Kenneth L. McMillan, David L. Dill, L.J. Hwang
- 04 Jun 1990
TL;DR: In this paper, a model-checking algorithm for mu-calculus formulas which uses R.E. Bryant's (1986) binary decision diagrams to represent relations and formulas symbolically is described.
EXE: Automatically Generating Inputs of Death
TL;DR: This article presents EXE, an effective bug-finding tool that automatically generates inputs that crash real code by solving the current path constraints to find concrete values using its own co-designed constraint solver, STP.
Countering code-injection attacks with instruction-set randomization
Gaurav S. Kc, Angelos D. Keromytis, Vassilis Prevelakis
- 27 Oct 2003
TL;DR: A new, general approach for safeguarding systems against any type of code-injection attack, by creating process-specific randomized instruction sets of the system executing potentially vulnerable software that can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.
Related Papers (5)
Aske Simon Christensen, Anders Møller, Michael I. Schwartzbach
- 11 Jun 2003
Zhendong Su, Gary Wassermann
- 11 Jan 2006
Stephen W. Boyd, Angelos D. Keromytis
- 08 Jun 2004