{"title":"Automated Fix Generator for SQL Injection Attacks","authors":"Fred Dysart, Mark Sherriff","doi":"10.1109/ISSRE.2008.44","DOIUrl":null,"url":null,"abstract":"A critical problem facing today's Internet community is the increasing number of attacks exploiting flaws found in Web applications. This paper specifically targets input validation vulnerabilities found in SQL queries that may lead to SQL Injection Attacks (SQLIAs). We introduce a tool that automatically detects and suggests fixes to SQL queries that are found to contain SQL Injection Vulnerabilities (SQLIVs). Testing was performed against phpBB v2.0, an open source forum package, to determine the accuracy and efficacy of our software.","PeriodicalId":448275,"journal":{"name":"2008 19th International Symposium on Software Reliability Engineering (ISSRE)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"22","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 19th International Symposium on Software Reliability Engineering (ISSRE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSRE.2008.44","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 22
Abstract
A critical problem facing today's Internet community is the increasing number of attacks exploiting flaws found in Web applications. This paper specifically targets input validation vulnerabilities found in SQL queries that may lead to SQL Injection Attacks (SQLIAs). We introduce a tool that automatically detects and suggests fixes to SQL queries that are found to contain SQL Injection Vulnerabilities (SQLIVs). Testing was performed against phpBB v2.0, an open source forum package, to determine the accuracy and efficacy of our software.