We present the first sound program transformation approach for automatically transforming the code of a legacy web application to employ PREPARE statements in place of unsafe SQL queries. Our approach therefore opens the way for eradicating the SQL injection vector from legacy web applications. This extended abstract is based on our paper [4], which appeared in the Financial Cryptography and Data Security (FC'2010) conference.

Categories and Subject Descriptors: K.6.5 [Security and Protection]: Unauthorized access; H.2.0 [General]: Security, Integrity, and Protection; I.2.2 [Automatic Programming]: Program Transformation; D.2.5 [Testing and Debugging]: Symbolic Execution; D.2.7 [Distribution, Maintenance, and Enhancement]: Restructuring, Reverse Engineering, and Reengineering

General Terms: Security, Algorithms, Languages

Keywords: Static Program Transformation, Security by Construction, Symbolic Evaluation, SQL Injection
Prithvi Bisht, A. Prasad Sistla, V. N. Venkatakris
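The following is an added illustration of the transformation the abstract describes, not code from the paper or its authors. It places a legacy query built by string concatenation beside its PREPARE-statement form and shows, on a constructed in-memory SQLite table, that a classic injection payload succeeds against the first and is inert against the second. The `QueryBuilder` class is a hypothetical stand-in for the transformation's output (fixed SQL text kept as literals, each data fragment replaced by a `?` placeholder); it is not the paper's symbolic-evaluation algorithm.

```python
"""Illustrative example (not the paper's implementation): string-built SQL
versus a PREPARE statement, run against a constructed in-memory table."""
import sqlite3
from typing import List, Tuple

# Constructed sample rows so the example runs offline.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_unsafe(conn: sqlite3.Connection, name: str,
                 password: str) -> List[Tuple[str, str]]:
    # Legacy pattern: user data is pasted into the query text, so the SQL
    # parser interprets attacker-controlled quotes and keywords as syntax.
    query = ("SELECT name, password FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchall()


class QueryBuilder:
    """Hypothetical model of the transformed code: the query's fixed
    structure stays SQL text, every data fragment becomes a '?'."""

    def __init__(self) -> None:
        self._sql: List[str] = []
        self._params: List[object] = []

    def literal(self, text: str) -> "QueryBuilder":
        self._sql.append(text)
        return self

    def data(self, value: object) -> "QueryBuilder":
        self._sql.append("?")
        self._params.append(value)
        return self

    def build(self) -> Tuple[str, List[object]]:
        return "".join(self._sql), list(self._params)


def login_prepared(conn: sqlite3.Connection, name: str,
                   password: str) -> List[Tuple[str, str]]:
    sql, params = (QueryBuilder()
                   .literal("SELECT name, password FROM users WHERE name = ")
                   .data(name)
                   .literal(" AND password = ")
                   .data(password)
                   .build())
    # The statement is prepared from the fixed text alone; the parser never
    # sees the user data, so quotes inside it are just bytes of a value.
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print(login_unsafe(db, payload, payload))    # every row comes back
    print(login_prepared(db, payload, payload))  # []
```

With the payload above, the concatenated query becomes `... WHERE name = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row; the prepared form compares the column against the literal string `' OR '1'='1` and matches nothing, which is the property the transformation is meant to guarantee for every query in the application.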