DocumentCode :
2000233
Title :
An Approach for SQL Injection Vulnerability Detection
Author :
Mei Junjin
Author_Institution :
Huangshi Inst. of Technology, Huangshi
fYear :
2009
fDate :
27-29 April 2009
Firstpage :
1411
Lastpage :
1414
Abstract :
Our research objective is to facilitate the identification of true input manipulation vulnerabilities via the combination of static analysis, runtime detection, and automatic testing. We propose an approach for SQL injection vulnerability detection, automated by a prototype tool SQLInjectionGen. We performed case studies on two small Web applications for the evaluation of our approach compared to static analysis for identifying true SQL injection vulnerabilities. In our case study, SQLInjectionGen had no false positives, but had a small number of false negatives while the static analysis tool had a false positive for every vulnerability that was actually protected by a white or black list.
Keywords :
SQL; security of data; SQL injection vulnerability detection; SQLInjectionGen; automatic testing; input manipulation vulnerabilities; runtime detection; static analysis; Automatic testing; Databases; Information analysis; Information technology; Java; Manuals; Performance analysis; Performance evaluation; Prototypes; Runtime; SQL Injection attacks; automatic testing; input filtering; runtime detection; static analysis;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Technology: New Generations, 2009. ITNG '09. Sixth International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4244-3770-2
Electronic_ISBN :
978-0-7695-3596-8
Type :
conf
DOI :
10.1109/ITNG.2009.34
Filename :
5070824