A Static Analysis Framework For Detecting SQL Injection Vulnerabilities

Computer Software and Applications Conference, 2007. COMPSAC 2007. 31st Annual International (2007)

Abstract
Recently, SQL Injection Attack (SIA) has become a major threat to Web applications. Via carefully crafted user input, attackers can expose or manipulate the back-end database of a Web application. This paper proposes the construction and outlines the design of a static analysis framework (called SAFELI) for identifying SIA vulnerabilities at compile time. SAFELI statically inspects the MSIL bytecode of an ASP.NET Web application, using symbolic execution. At each hotspot that submits a SQL query, a hybrid constraint solver is used to find the corresponding user input that could lead to a breach of information security. Once completed, SAFELI has the future potential to discover more delicate SQL injection attacks than black-box Web security inspection tools.
Keywords
constraint solver, SIA vulnerability, SQL injection attack, automatic testing, black-box web security inspection, SQL query, information security, web application, delicate SQL injection attack, detecting SQL injection vulnerabilities, static analysis framework, symbolic execution, user input, back-end database, corresponding user input, SQL injection vulnerability, internet, application software, intrusion detection, SQL injection, web security, testing, information analysis, software engineering, SQL, databases, static analysis