Sciweavers

CCS
2010
ACM

TAPS: automatically preparing safe SQL queries

13 years 11 months ago
TAPS: automatically preparing safe SQL queries
We present the first sound program transformation approach for automatically transforming the code of a legacy web application to employ PREPARE statements in place of unsafe SQL queries. Our approach therefore opens the way for eradicating the SQL injection ector from legacy web applications. This extended abstract is based on our paper [4] that appeared in the Financial Cryptography and Data Security (FC’2010) conference. Categories and Subject Descriptors K.6.5 [Security and Protection]: Unauthorized access; H.2.0 [General]: Security, Integrity, and Protection; I.2.2 [Automatic Programming]: Program Transformation; D.2.5 [Testing and Debugging]: Symbolic Execution; D.2.7 [Distribution, Maintenance, and Enhancement]: Restructuring, Reverse Engineering, and Reengineering General Terms Security, Algorithms, Languages Keywords Static Program Transformation, Security by Construction, Symbolic Evaluation, SQL Injection
Prithvi Bisht, A. Prasad Sistla, V. N. Venkatakris
Added 13 Jan 2011
Updated 13 Jan 2011
Type Journal
Year 2010
Where CCS
Authors Prithvi Bisht, A. Prasad Sistla, V. N. Venkatakrishnan
Comments (0)