Preventing SQL Injection through Automatic Query Sanitization with ASSIST

Computer Science – Software Engineering

Scientific paper


In Proceedings TAV-WEB 2010, arXiv:1009.3306


10.4204/EPTCS.35.3

Web applications are becoming an essential part of our everyday lives. Many of our activities depend on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as SQL injection are major security challenges for developers today. This paper presents the technique of automatic query sanitization, which automatically removes SQL injection vulnerabilities from code. In our technique, a combination of static analysis and program transformation is used to automatically instrument web applications with sanitization code. We have implemented this technique in a tool named ASSIST (Automatic and Static SQL Injection Sanitization Tool) for protecting Java-based web applications. Our experimental evaluation showed that our technique is effective against SQL injection vulnerabilities and has a low overhead.
