What is the potential vulnerability of the parse tree?

The potential vulnerability is that the programmer may assume that since the query parsed properly, the value stored in the request object’s password field is the same value which was used to build the query.

What are the three criteria of the method?

Their method aims to satisfy the following three criteria:• eliminate the possibility of the attack;• minimize the effort required by the programmer; and• minimize the runtime overhead.

What are some of the technologies that provide frameworks for web applications?

A variety of technologies provide frameworks for web applications, including Sun’s J2EE (Java Server Pages, Servlets,Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page.

What is the syntax for a string that is included in an SQL statement?

When a user-provided string, s, is included within an SQL statement, it is first pre- and post-pended with thecurrent key by using SQLGuard.wrap(s).

Open AccessProceedings Article10.1145/1108473.1108496

Using parse tree validation to prevent SQL injection attacks

Gregory Buehrer, +2 more

- 05 Sep 2005

- pp 106-113

448

TL;DR: A technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities is described, based on comparing, at run time, the parse tree of the SQL statement before inclusion of user input with that resulting after inclusion of input.

Abstract: An SQL injection attack targets interactive web applications that employ database services. Such applications accept user input, such as form fields, and then include this input in database requests, typically SQL statements. In SQL injection, the attacker provides user input that results in a different database request than was intended by the application programmer. That is, the interpretation of the user input as part of a larger SQL statement, results in an SQL statement of a different form than originally intended. We describe a technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities. The technique is based on comparing, at run time, the parse tree of the SQL statement before inclusion of user input with that resulting after inclusion of input. Our solution is efficient, adding about 3 ms overhead to database query costs. In addition, it is easily adopted by application programmers, having the same syntactic structure as current popular record set retrieval methods. For empirical analysis, we provide a case study of our solution in J2EE. We implement our solution in a simple static Java class, and show its effectiveness and scalability.

AI Agents for this Paper

Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps

Most frequently asked questions

1. What are the future works mentioned in the paper "Using parse tree validation to prevent sql injection attacks" ?

In the near future, the authors plan to implement their solution on the.

2. What are the contributions in "Using parse tree validation to prevent sql injection attacks" ?

In SQL injection, the attacker provides user input that results in a different database request than was intended by the application programmer.. The authors describe a technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities.. For empirical analysis, the authors provide a case study of their solution in J2EE.. The authors implement their solution in a simple static Java class, and show its effectiveness and scalability.

3. Why is it important to write queries as dynamically generated strings?

The main reason for writing queries as dynamically generated strings (as opposed to prepared statements) appears to be ease-of-use.

4. What is the common way to indicate the start of a comment?

Most SQL imple-mentations, such as T-SQL and PL/SQL use – – to indicate the start of a comment (although occasionally # is used).

Figure 1: A SELECT query with two user inputs

Figure 8: Average page response times for 10 (top) and 25 (bottom) simultaneous users

Figure 9: Load testing results comparison for traditional Statements and Guarded Statements

Figure 10: Source code for unmodified SQL query (top) and protected SQL query (bottom)

Figure 2: The same SELECT query as in Figure 1, with the user input inserted

Figure 4: The same SELECT query as in Figure 1, with a subtle shadowing attack

Citations

A Classification of SQL-Injection Attacks and Countermeasures

William G. J. Halfond, +2 more

- 01 Jan 2006

TL;DR: An extensive review of the different types of SQL injection attacks known to date is presented, including descriptions and examples of how attacks of that type could be performed and existing detection and prevention techniques against SQL injections.

...read moreread less

716

•Journal Article•10.5121/IJCSES.2010.1206

Routing Protocols in Wireless Sensor Networks - A Survey

Shio Kumar Singh, +2 more

- 29 Nov 2010

- International Journal of Computer Scienc...

TL;DR: A survey of routing protocols for Wireless Sensor Network is given and their strengths and limitations are compared.

...read moreread less

663

Proceedings Article•10.1145/1111037.1111070

The essence of command injection attacks in web applications

Zhendong Su, +1 more

- 11 Jan 2006

TL;DR: This paper presents the first formal definition of command injection attacks in the context of web applications, and gives a sound and complete algorithm for preventing them based on context-free grammars and compiler parsing techniques.

...read moreread less

619

Proceedings Article•10.1145/1250734.1250739

Sound and precise analysis of web applications for injection vulnerabilities

Gary Wassermann, +1 more

- 10 Jun 2007

TL;DR: This paper proposes a precise, sound, and fully automated analysis technique for SQL injection that successfully discovered previously unknown and sometimes subtle vulnerabilities in real-world programs, has a low false positive rate, and scales to large programs.

...read moreread less

425

Journal Article•10.1109/COMST.2018.2870658

DDoS Attacks at the Application Layer: Challenges and Research Perspectives for Safeguarding Web Applications

Amit Praseed, +1 more

- 01 Jan 2019

- IEEE Communications Surveys and Tutorial...

TL;DR: This paper attempts to explore the entire spectrum of application layer DDoS attacks using critical features that aid in understanding how these attacks can be executed to help researchers understand why a particular group of features are useful in detecting a particular class of attacks.

...read moreread less

158

...

Expand

References

Proceedings of the 11th USENIX Security Symposium

Dan Boneh

- 05 Aug 2002

TL;DR: It is shown that permitting user selection of passwords in two graphical password schemes can yield passwords with entropy far below the theoretical optimum and, in some cases, that are highly correlated with the race or gender of the user.

...read moreread less

1.8K

•Proceedings Article

StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

Crispin Cowan, +9 more

- 26 Jan 1998

TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.

...read moreread less

1.6K

•Proceedings Article•10.1145/948109.948146

Countering code-injection attacks with instruction-set randomization

Gaurav S. Kc, +2 more

- 27 Oct 2003

TL;DR: A new, general approach for safeguarding systems against any type of code-injection attack, by creating process-specific randomized instruction sets of the system executing potentially vulnerable software that can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.

...read moreread less

830

•Book Chapter•10.1007/978-3-540-24852-1_21

SQLrand: Preventing SQL Injection Attacks

Stephen W. Boyd, +1 more

- 08 Jun 2004

TL;DR: This work applies the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker, and shows how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language.

...read moreread less

497

Proceedings Article•10.1145/775152.775174

Web application security assessment by fault injection and behavior monitoring

Yao-Wen Huang, +3 more

- 20 May 2003

TL;DR: The design of Web application security assessment mechanisms are analyzed in order to identify poor coding practices that render Web applications vulnerable to attacks such as SQL injection and cross-site scripting.

...read moreread less

432

...

Expand

Using parse tree validation to prevent SQL injection attacks

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What are the future works mentioned in the paper "Using parse tree validation to prevent sql injection attacks" ?

2. What are the contributions in "Using parse tree validation to prevent sql injection attacks" ?

3. Why is it important to write queries as dynamically generated strings?

4. What is the common way to indicate the start of a comment?

5. What is the potential vulnerability of the parse tree?

6. What are the three criteria of the method?

7. What are some of the technologies that provide frameworks for web applications?

8. What is the syntax for a string that is included in an SQL statement?

Figures

Citations

A Classification of SQL-Injection Attacks and Countermeasures

Routing Protocols in Wireless Sensor Networks - A Survey

The essence of command injection attacks in web applications

Sound and precise analysis of web applications for injection vulnerabilities

DDoS Attacks at the Application Layer: Challenges and Research Perspectives for Safeguarding Web Applications

References

Proceedings of the 11th USENIX Security Symposium

StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

Countering code-injection attacks with instruction-set randomization

SQLrand: Preventing SQL Injection Attacks

Web application security assessment by fault injection and behavior monitoring

Related Papers (5)

The essence of command injection attacks in web applications

SQLrand: Preventing SQL Injection Attacks

A Classification of SQL-Injection Attacks and Countermeasures

Securing web application code by static analysis and runtime protection

SQL DOM: compile time checking of dynamic SQL statements