Sania: Syntactic and semantic analysis for automated testing against SQL injection

Yuji Kosuga, Kenji Kono, Miyuki Hanaoka, Miho Hishiyama, Yu Takahama

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

62 Citations (Scopus)

Abstract

With the recent rapid increase in interactive web applications that employ back-end database services, an SQL injection attack has become one of the most serious security threats. The SQL injection attack allows an attacker to access the underlying database, execute arbitrary commands at intent, and receive a dynamically generated output, such as HTML web pages. In this paper, we present our technique, Sania, for detecting SQL injection vulnerabilities in web applications during the development and debugging phases. Sania intercepts the SQL queries between a web application and a database, and automatically generates elaborate attacks according to the syntax and semantics of the potentially vulnerable spots in the SQL queries. In addition, Sania compares the parse trees of the intended SQL query and those resulting after an attack to assess the safety of these spots. We evaluated our technique using real-world web applications and found that our solution is efficient in comparison with a popular web application vulnerabilities scanner. We also found a vulnerability in a product that was just about to be released.

Original language: English
Title of host publication: Proceedings - Annual Computer Security Applications Conference, ACSAC
Pages: 107-116
Number of pages: 10
DOIs: https://doi.org/10.1109/ACSAC.2007.20
Publication status: Published - 2007
Event: 23rd Annual Computer Security Applications Conference, ACSAC 2007 - Miami Beach, FL, United States
Duration: 2007 Dec 10 to 2007 Dec 14

Other

Other: 23rd Annual Computer Security Applications Conference, ACSAC 2007
Country: United States
City: Miami Beach, FL
Period: 07/12/10 to 07/12/14

Fingerprint

Syntactics
Semantics
Testing
HTML
Websites

ASJC Scopus subject areas

  • Software
  • Engineering(all)

Cite this

Kosuga, Y., Kono, K., Hanaoka, M., Hishiyama, M., & Takahama, Y. (2007). Sania: Syntactic and semantic analysis for automated testing against SQL injection. In Proceedings - Annual Computer Security Applications Conference, ACSAC (pp. 107-116). [4412981] https://doi.org/10.1109/ACSAC.2007.20

@inproceedings{6319120e1eba463eb2a17f0844c0b90a,
title = "Sania: Syntactic and semantic analysis for automated testing against SQL injection",
abstract = "With the recent rapid increase in interactive web applications that employ back-end database services, an SQL injection attack has become one of the most serious security threats. The SQL injection attack allows an attacker to access the underlying database, execute arbitrary commands at intent, and receive a dynamically generated output, such as HTML web pages. In this paper, we present our technique, Sania, for detecting SQL injection vulnerabilities in web applications during the development and debugging phases. Sania intercepts the SQL queries between a web application and a database, and automatically generates elaborate attacks according to the syntax and semantics of the potentially vulnerable spots in the SQL queries. In addition, Sania compares the parse trees of the intended SQL query and those resulting after an attack to assess the safety of these spots. We evaluated our technique using real-world web applications and found that our solution is efficient in comparison with a popular web application vulnerabilities scanner. We also found a vulnerability in a product that was just about to be released.",
author = "Yuji Kosuga and Kenji Kono and Miyuki Hanaoka and Miho Hishiyama and Yu Takahama",
year = "2007",
doi = "10.1109/ACSAC.2007.20",
language = "English",
isbn = "0769530605",
pages = "107--116",
booktitle = "Proceedings - Annual Computer Security Applications Conference, ACSAC",

}

TY - GEN

T1 - Sania

T2 - Syntactic and semantic analysis for automated testing against SQL injection

AU - Kosuga, Yuji

AU - Kono, Kenji

AU - Hanaoka, Miyuki

AU - Hishiyama, Miho

AU - Takahama, Yu

PY - 2007

Y1 - 2007

N2 - With the recent rapid increase in interactive web applications that employ back-end database services, an SQL injection attack has become one of the most serious security threats. The SQL injection attack allows an attacker to access the underlying database, execute arbitrary commands at intent, and receive a dynamically generated output, such as HTML web pages. In this paper, we present our technique, Sania, for detecting SQL injection vulnerabilities in web applications during the development and debugging phases. Sania intercepts the SQL queries between a web application and a database, and automatically generates elaborate attacks according to the syntax and semantics of the potentially vulnerable spots in the SQL queries. In addition, Sania compares the parse trees of the intended SQL query and those resulting after an attack to assess the safety of these spots. We evaluated our technique using real-world web applications and found that our solution is efficient in comparison with a popular web application vulnerabilities scanner. We also found a vulnerability in a product that was just about to be released.

UR - http://www.scopus.com/inward/record.url?scp=48649100112&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=48649100112&partnerID=8YFLogxK

U2 - 10.1109/ACSAC.2007.20

DO - 10.1109/ACSAC.2007.20

M3 - Conference contribution

AN - SCOPUS:48649100112

SN - 0769530605

SN - 9780769530604

SP - 107

EP - 116

BT - Proceedings - Annual Computer Security Applications Conference, ACSAC

ER -