Title :
Insider and Ousider Threat-Sensitive SQL Injection Vulnerability Analysis in PHP
Author :
Merlo, Ettore ; Letarte, Dominic ; Antoniol, Giuliano
Author_Institution :
Dept. of Comput. Eng., Ecole Polytechnique de Montreal, Que.
Abstract :
In general, SQL-injection attacks rely on some weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. Furthermore, insiders may introduce malicious code in a Web application, code that, when triggered by some specific input, for example, would violate security policies. This paper presents an original approach based on static analysis to automatically detect statements in PHP applications that may be vulnerable to SQL-injections triggered by either malicious input (outsider threats) or malicious code (insider threats). Original flow analysis equations, that propagate and combine security levels along an inter-procedural control flow graph (CFG), are presented. The computation of security levels presents linear execution time and memory complexity
Keywords :
SQL; Web sites; flow graphs; program diagnostics; security of data; PHP application; Web sites; database queries; interprocedural control flow graph; security policies; threat-sensitive SQL injection; vulnerability analysis; Algorithm design and analysis; Authorization; Automatic control; Data security; Databases; Differential equations; Flow graphs; Information analysis; Information security; Software maintenance;
Conference_Titel :
Reverse Engineering, 2006. WCRE '06. 13th Working Conference on
Conference_Location :
Benevento
Print_ISBN :
0-7695-2719-1
DOI :
10.1109/WCRE.2006.33
