Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Control flow analysis in scheme
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
POPL '91 Proceedings of the 18th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Interconvertbility of set constraints and context-free language reachability
PEPM '97 Proceedings of the 1997 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Multi-stage programming with explicit annotations
PEPM '97 Proceedings of the 1997 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
LFP '86 Proceedings of the 1986 ACM conference on LISP and functional programming
Global Data Flow Analysis and Iterative Algorithms
Journal of the ACM (JACM)
Projection merging: reducing redundancies in inclusion constraint graphs
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A type system for dynamic Web documents
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Ultra-fast aliasing analysis using CLA: a million lines of C code in a second
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Static validation of dynamically generated HTML
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
A unified approach to global program optimization
POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
ACM Transactions on Internet Technology (TOIT)
Soot - a Java bytecode optimization framework
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
A family of test adequacy criteria for database-driven applications
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Introduction to Automata Theory, Languages, and Computation (3rd Edition)
Introduction to Automata Theory, Languages, and Computation (3rd Edition)
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
JDBC Checker: A Static Analysis Tool for SQL/JDBC Applications
Proceedings of the 26th International Conference on Software Engineering
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Testing database transactions with AGENDA
Proceedings of the 27th international conference on Software engineering
SQL DOM: compile time checking of dynamic SQL statements
Proceedings of the 27th international conference on Software engineering
Safe query objects: statically typed objects as remotely executable queries
Proceedings of the 27th international conference on Software engineering
Checking type safety of foreign function calls
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Combining static analysis and runtime monitoring to counter SQL-injection attacks
WODA '05 Proceedings of the third international workshop on Dynamic analysis
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Using parse tree validation to prevent SQL injection attacks
SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
String analysis for x86 binaries
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Preventing SQL injection attacks using AMNESIA
Proceedings of the 28th international conference on Software engineering
Understanding software application interfaces via string analysis
Proceedings of the 28th international conference on Software engineering
XGLR: an algorithm for ambiguity in programming languages
Science of Computer Programming - The fourth workshop on language descriptions, tools, and applications (LDTA'04)
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Extracting queries by static analysis of transparent persistence
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Dynamic test input generation for database applications
Proceedings of the 2007 international symposium on Software testing and analysis
Improving test case generation for web applications using automated interface discovery
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Preventing injection attacks with syntax embeddings
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
Simple and safe SQL queries with c++ templates
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
Eliminating impedance mismatch in C++
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Impact analysis of database schema changes
Proceedings of the 30th international conference on Software engineering
Checking type safety of foreign function calls
ACM Transactions on Programming Languages and Systems (TOPLAS)
Symbolic String Verification: An Automata-Based Approach
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Automated identification of parameter mismatches in web applications
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Automated Software Engineering
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Locating need-to-translate constant strings for software internationalization
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Profile-guided static typing for dynamic scripting languages
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
Preventing injection attacks with syntax embeddings
Science of Computer Programming
Simple and safe SQL queries with C++ templates
Science of Computer Programming
Cooperative bug isolation: winning thesis of the 2005 ACM doctoral dissertation competition
Cooperative bug isolation: winning thesis of the 2005 ACM doctoral dissertation competition
Static and dynamic analysis for web security in industry applications
International Journal of Electronic Security and Digital Forensics
Repairing OLAP queries in databases with referential integrity errors
DOLAP '10 Proceedings of the ACM 13th international workshop on Data warehousing and OLAP
Locating need-to-translate constant strings in web applications
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Relational string verification using multi-track automata
CIAA'10 Proceedings of the 15th international conference on Implementation and application of automata
Patching vulnerabilities with sanitization synthesis
Proceedings of the 33rd International Conference on Software Engineering
Development of tools to manage embedded SQL
Proceedings of the 49th Annual Southeast Regional Conference
String abstractions for string verification
Proceedings of the 18th international SPIN conference on Model checking software
Static analysis of string values
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Validity checking for finite automata over linear arithmetic constraints
FSTTCS'06 Proceedings of the 26th international conference on Foundations of Software Technology and Theoretical Computer Science
PSIAQOP: preventing SQL injection attacks based on query optimization process
Proceedings of the Second Kuwait Conference on e-Services and e-Systems
A practical string analyzer by the widening approach
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
Polymorphic type inference for the JNI
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
Auto-locating and fix-propagating for HTML validation errors to PHP server-side code
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Localizing SQL faults in database applications
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Verifying client-side input validation functions using string analysis
Proceedings of the 34th International Conference on Software Engineering
Aiding Maintenance of Database Applications Through Extracting Attribute Dependency Graph
Journal of Database Management
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
| Hi-index | 0.00 |
Many data-intensive applications dynamically constructqueries in response to client requests and execute them.Java servlets, e.g., can create string representations ofSQL queries and then send the queries, using JDBC, to adatabase server for execution. The servlet programmer enjoysstatic checking via Javaýs strong type system. However,the Java type system does little to check for possible errorsin the dynamically generated SQL query strings. Thus,a type error in a generated selection query (e.g., comparinga string attribute with an integer) can result in an SQLruntime exception. Currently, such defects must be rootedout through careful testing, or (worse) might be found bycustomers at runtime. In this paper, we present a sound,static, program analysis technique to verify the correctnessof dynamically generated query strings. We describe ouranalysis technique and provide soundness results for ourstatic analysis algorithm. We also describe the details of aprototype tool based on the algorithm and present severalillustrative defects found in senior software-engineeringstudent-team projects, online tutorial examples, and a real-worldpurchase order system written by one of the authors.