Sania: Syntactic and semantic analysis for automated testing against SQL injection

Yuji Kosuga, Kenji Kono, Miyuki Hanaoka, Miho Hishiyama, Yu Takahama

Research output: Conference contribution

68 Citations (Scopus)

Abstract

With the recent rapid increase in interactive web applications that employ back-end database services, the SQL injection attack has become one of the most serious security threats. An SQL injection attack allows an attacker to access the underlying database, execute arbitrary commands at will, and receive dynamically generated output, such as HTML web pages. In this paper, we present our technique, Sania, for detecting SQL injection vulnerabilities in web applications during the development and debugging phases. Sania intercepts the SQL queries between a web application and a database, and automatically generates elaborate attacks according to the syntax and semantics of the potentially vulnerable spots in the SQL queries. In addition, Sania compares the parse trees of the intended SQL query with those resulting after an attack to assess the safety of these spots. We evaluated our technique using real-world web applications and found that our solution is efficient in comparison with a popular web application vulnerability scanner. We also found a vulnerability in a product that was just about to be released.
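The safety check the abstract describes (build the query from benign input to get the intended structure, build it again from a test input, and flag the spot if the structure changes) can be illustrated with a small Python program. This is an added example and is not Sania's code: Sania works on the full parse trees of the database's SQL dialect, whereas this example uses a simplified tokenizer that reduces a query to its "shape" (keywords, identifiers, operators, and abstract literal kinds). The `vulnerable_lookup`, `escaped_lookup` and `is_vulnerable` functions, and the `PROBE` test input, are constructed for the example.

```python
import re
from typing import Callable, List

# Simplified SQL tokenizer (constructed for this example, not a full SQL grammar).
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "INSERT", "INTO", "VALUES",
            "UPDATE", "SET", "DELETE", "UNION", "ORDER", "BY", "LIKE", "NULL"}

TOKEN_RE = re.compile(r"""
    (?P<WS>\s+)
  | (?P<COMMENT>--[^\n]*|/\*.*?\*/)
  | (?P<STR>'(?:[^']|'')*')
  | (?P<NUM>\d+(?:\.\d+)?)
  | (?P<WORD>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<OP><=|>=|<>|!=|[=<>+\-*/])
  | (?P<PUNCT>[(),.;])
  | (?P<BAD>.)
""", re.VERBOSE | re.DOTALL)


def structure(sql: str) -> List[str]:
    """Return the query's shape: token kinds with literal values abstracted away.

    Keywords and operators keep their text because they change what the query
    does; identifiers keep their names; string and number literals collapse to
    just STR / NUM, so different *data* yields the same shape while injected
    *code* (new keywords, operators, comments) changes it."""
    shape = []
    for m in TOKEN_RE.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "WS":
            continue
        if kind == "WORD":
            up = text.upper()
            shape.append(f"KW:{up}" if up in KEYWORDS else f"ID:{text}")
        elif kind in ("STR", "NUM", "COMMENT"):
            shape.append(kind)
        else:
            shape.append(f"{kind}:{text}")
    return shape


def is_vulnerable(build_query: Callable[[str], str], benign: str, probe: str) -> bool:
    """The check from the abstract: the query built from benign input defines the
    intended structure; if the probe input changes that structure, the input is
    reaching the SQL parser as code rather than as data."""
    return structure(build_query(benign)) != structure(build_query(probe))


# Two constructed query builders representing a potentially vulnerable spot.
def vulnerable_lookup(name: str) -> str:
    # Raw string concatenation: user input becomes part of the SQL text.
    return "SELECT id, name FROM users WHERE name = '" + name + "'"


def escaped_lookup(name: str) -> str:
    # Quotes doubled, so the input cannot leave the string literal.
    # (A parameterized query would be the preferred fix; it never changes the
    # query text at all, so the structure trivially stays the same.)
    return "SELECT id, name FROM users WHERE name = '" + name.replace("'", "''") + "'"


# Constructed test input: closes the literal, adds a condition, comments out the rest.
PROBE = "' OR 1=1 --"


if __name__ == "__main__":
    for builder in (vulnerable_lookup, escaped_lookup):
        print(f"{builder.__name__}: intended shape = {structure(builder('alice'))}")
        print(f"{builder.__name__}: probed shape   = {structure(builder(PROBE))}")
        print(f"{builder.__name__}: vulnerable = {is_vulnerable(builder, 'alice', PROBE)}")
```

Running it shows the concatenating builder's shape growing new `KW:OR`, `NUM` and `COMMENT` tokens under the probe while the escaping builder's shape is identical to the intended one. Comparing shapes rather than raw query strings is what lets the check ignore benign differences in data values and react only to changes in query structure.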

Original language: English
Title of host publication: Proceedings - 23rd Annual Computer Security Applications Conference, ACSAC 2007
Pages: 107-116
Number of pages: 10
DOI
Publication status: Published - 2007
Event: 23rd Annual Computer Security Applications Conference, ACSAC 2007 - Miami Beach, FL, United States
Duration: 2007 12 10 to 2007 12 14

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print): 1063-9527

Other

Other: 23rd Annual Computer Security Applications Conference, ACSAC 2007
Country: United States
City: Miami Beach, FL
Period: 07/12/10 to 07/12/14

ASJC Scopus subject areas

  • Software
  • Engineering(all)
