Sciweavers

COMPSAC
2007
IEEE

A Static Analysis Framework For Detecting SQL Injection Vulnerabilities

14 years 5 months ago
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
Recently SQL Injection Attack (SIA) has become a major threat to Web applications. Via carefully crafted user input, attackers can expose or manipulate the back-end database of a Web application. This paper proposes the construction and outlines the design of a static analysis framework (called SAFELI) for identifying SIA vulnerabilities at compile time. SAFELI statically inspects MSIL bytecode of an ASP.NET Web application, using symbolic execution. At each hotspot that submits SQL query, a hybrid constraint solver is used to find out the corresponding user input that could lead to breach of information security. Once completed, SAFELI has the future potential to discover more delicate SQL injection attacks than black-box Web security inspection tools.
Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen,
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where COMPSAC
Authors Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen, Kai Qian, Lixin Tao
Comments (0)