Insider and Ousider Threat-Sensitive SQL Injection Vulnerability Analysis in PHP

Abstract

In general, SQL-injection attacks rely on some weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. Furthermore, insiders may introduce malicious code in a Web application, code that, when triggered by some specific input, for example, would violate security policies. This paper presents an original approach based on static analysis to automatically detect statements in PHP applications that may be vulnerable to SQL-injections triggered by either malicious input (outsider threats) or malicious code (insider threats). Original flow analysis equations, that propagate and combine security levels along an inter-procedural control flow graph (CFG), are presented. The computation of security levels presents linear execution time and memory complexity