Symbolic execution and program testing
Communications of the ACM
Web application security assessment by fault injection and behavior monitoring
WWW '03 Proceedings of the 12th international conference on World Wide Web
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Parameterized unit tests with unit meister
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Automatically Generating Malicious Disks using Symbolic Execution
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
Abstracting Symbolic Execution with String Analysis
TAICPART-MUTATION '07 Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION
APOGEE: automated project grading and instant feedback system for web based computing
Proceedings of the 39th SIGCSE technical symposium on Computer science education
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
JPF-SE: a symbolic execution extension to Java PathFinder
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
ASIDE: IDE support for web application security
Proceedings of the 27th Annual Computer Security Applications Conference
Automated Insertion of Exception Handling for Key and Referential Constraints
Journal of Database Management
| Hi-index | 0.02 |
This paper presents the current progress, main algorithm, and the open problems of a tool set called "SAFELI," for detecting SQL Injection vulnerabilities resident in Web applications. SAFELI instruments the bytecode of Java Web applications and utilizes symbolic execution to statically inspect security vulnerabilities. At each location that submits SQL query, an equation is constructed to find out the initial values of Web controls that lead to the breach of database security. The equation is solved by a hybrid string solver where the solution obtained is used to construct test cases. SQL injection attacks are replayed by SAFELI to designers, step by step. We also raise open problems on more powerful string solver techniques that work at the semantics level.