Sciweavers

Free Online Productivity Tools i2Speak i2Symbol i2OCR iTex2Img iWeb2Print iWeb2Shot i2Type iPdf2Split iPdf2Merge i2Bopomofo i2Arabic i2Style i2Image i2PDF iLatex2Rtf Sci2ools

13

ISSRE
2008
IEEE

favoriteEmaildiscussreport

173views Software Engineering» more ISSRE 2008»

Automated Fix Generator for SQL Injection Attacks

13 years 10 months ago

Automated Fix Generator for SQL Injection Attacks

Download www.cs.virginia.edu

A critical problem facing today’s internet community is the increasing number of attacks exploiting flaws found in Web applications. This paper specifically targets input validation vulnerabilities found in SQL queries that may lead to SQL Injection Attacks (SQLIAs). We introduce a tool that automatically detects and suggests fixes to SQL queries that are found to contain SQL Injection Vulnerabilities (SQLIVs). Testing was performed against phpBB v2.0, an open source forum package, to determine the accuracy and efficacy of our software.

Fred Dysart, Mark Sherriff

Real-time Traffic

ISSRE 2008 | Software Engineering | SQL Injection | SQL Injection Vulnerabilities | SQL Queries |

claim paper

Related Content

» Sania Syntactic and Semantic Analysis for Automated Testing against SQL Injection

» Automatic Generation of XSS and SQL Injection Attacks with GoalDirected Model Checking

» Preventing SQL Injection Attacks in Stored Procedures

» Automatic creation of SQL Injection and crosssite scripting attacks

» WASP Protecting Web Applications Using Positive Tainting and SyntaxAware Evaluation

» SQLProb a proxybased architecture towards preventing SQL injection attacks

» Preventing injection attacks with syntax embeddings

» The essence of command injection attacks in web applications

» Simple and safe SQL queries with c templates

Post Info
More Details (n/a)

Added	31 May 2010
Updated	31 May 2010
Type	Conference
Year	2008
Where	ISSRE
Authors	Fred Dysart, Mark Sherriff

Comments (0)