On automated prepared statement generation to remove SQL injection vulnerabilities
Information and Software Technology
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
Efficient character-level taint tracking for Java
Proceedings of the 2009 ACM workshop on Secure web services
Improving impact of self-adaptation and self-management research through evaluation methodology
Proceedings of the 2010 ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems
A heuristic-based approach for detecting SQL-injection vulnerabilities in web applications
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
An empirical investigation into open source web applications' implementation vulnerabilities
Empirical Software Engineering
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
PHP Aspis: using partial taint tracking to protect against injection attacks
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
HAMPI: a string solver for testing, analysis and vulnerability detection
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
Proceedings of the 18th ACM conference on Computer and communications security
Defining code-injection attacks
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 2012 International Symposium on Software Testing and Analysis
HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars
ACM Transactions on Software Engineering and Methodology (TOSEM)
International Journal of Computer Applications in Technology
Securing web-clients with instrumented code and dynamic runtime monitoring
Journal of Systems and Software
TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones
Communications of the ACM
Proceedings of the 23rd international conference on World wide web
Hi-index | 0.02 |
Many software systems have evolved to include a web-based component that makes them available to the public via the Internet and can expose them to a variety of web-based attacks. One of these attacks is SQL injection, which can give attackers unrestricted access to the databases underlying web applications and has become increasingly frequent and serious. This paper presents a new, highly automated approach for protecting web applications against SQL injection that has both conceptual and practical advantages over most existing techniques. From a conceptual standpoint, the approach is based on the novel idea of positive tainting and on the concept of syntax-aware evaluation. From a practical standpoint, our technique is precise and efficient and has minimal deployment requirements. We also present an extensive empirical evaluation of our approach performed using WASP, a tool that implements our technique. In the evaluation, we used WASP to protect a wide range of web applications while subjecting them to a large and varied set of attacks and legitimate accesses. WASP was able to stop all attacks and did not generate any false positives. Our studies also show that the overhead imposed by WASP was negligible in most cases.