Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2007
IEEE
2007
IEEE
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection
With the recent rapid increase in interactive web applications that employ back-end database services, an SQL injection attack has become one of the most serious security threats. The SQL injection attack allows an attacker to access the underlying database, execute arbitrary commands at intent, and receive a dynamically generated output, such as HTML web pages. In this paper, we present our technique, Sania, for detecting SQL injection vulnerabilities in web applications during the development and debugging phases. Sania intercepts the SQL queries between a web application and a database, and automatically generates elaborate attacks according to the syntax and semantics of the potentially vulnerable spots in the SQL queries. In addition, Sania compares the parse trees of the intended SQL query and those resulting after an attack to assess the safety of these spots. We evaluated our technique using real-world web applications and found that our solution is efficient in comparison wi...
Real-time Traffic| Added | 02 Jun 2010 |
| Updated | 02 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | ACSAC |
| Authors | Yuji Kosuga, Kenji Kono, Miyuki Hanaoka, Miho Hishiyama, Yu Takahama |
Comments (0)
Researcher Info
|
