Showing 1–1 of 1 results for author: Mui, R

Preventing SQL Injection through Automatic Query Sanitization with ASSIST

Authors: Raymond Mui, Phyllis Frankl

Abstract: Web applications are becoming an essential part of our everyday lives. Many of our activities are dependent on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as SQL injection are major security challenges for developers today. This paper presents the technique of automatic query sanitization to automatically remove SQL… ▽ More Web applications are becoming an essential part of our everyday lives. Many of our activities are dependent on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as SQL injection are major security challenges for developers today. This paper presents the technique of automatic query sanitization to automatically remove SQL injection vulnerabilities in code. In our technique, a combination of static analysis and program transformation are used to automatically instrument web applications with sanitization code. We have implemented this technique in a tool named ASSIST (Automatic and Static SQL Injection Sanitization Tool) for protecting Java-based web applications. Our experimental evaluation showed that our technique is effective against SQL injection vulnerabilities and has a low overhead. △ Less

Submitted 20 September, 2010; originally announced September 2010.

Comments: In Proceedings TAV-WEB 2010, arXiv:1009.3306

Journal ref: EPTCS 35, 2010, pp. 27-38