SAFELI: SQL injection scanner using symbolic execution

Abstract

This paper presents the current progress, main algorithm, and the open problems of a tool set called "SAFELI," for detecting SQL Injection vulnerabilities resident in Web applications. SAFELI instruments the bytecode of Java Web applications and utilizes symbolic execution to statically inspect security vulnerabilities. At each location that submits SQL query, an equation is constructed to find out the initial values of Web controls that lead to the breach of database security. The equation is solved by a hybrid string solver where the solution obtained is used to construct test cases. SQL injection attacks are replayed by SAFELI to designers, step by step. We also raise open problems on more powerful string solver techniques that work at the semantics level.