DocumentCode :
119419
Title :
SQLR: Grammar-Guided Validation of SQL Injection Sanitizers
Author :
Sathyanarayan, Sai ; Dawei Qi ; Zhenkai Liang ; Roychoudhury, Abhik
Author_Institution :
Sch. of Comput., Nat. Univ. of Singapore, Singapore, Singapore
fYear :
2014
fDate :
4-7 Aug. 2014
Firstpage :
154
Lastpage :
157
Abstract :
The SQL injection attack is one of the major threats to web applications. Through malicious inputs, attackers can cause data leakage and damage, and even remote code execution on the victim servers. A common solution is to use input sanitizers to filter out inputs that can result in SQL injection attacks. In this paper, we propose a novel solution, SQLR, to validate SQL sanitizers by systematically generating SQL injection attack patterns. Our approach uses the SQL grammar to guide the enumeration of malicious SQL queries efficiently, and summarizes the queries into patterns that can be used by existing solutions. SQLR successfully identified new attack patterns and weaknesses in sanitizers used in several real-world web applications.
Keywords :
Internet; SQL; grammars; query processing; security of data; SQL grammar; SQL injection attack patterns; SQL injection sanitizers; SQLR; Web applications; data damage; data leakage; grammar-guided validation; input sanitizers; malicious SQL queries; malicious inputs; remote code execution; victim servers; Art; Concrete; Databases; Educational institutions; Grammar; Security; Servers;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Engineering of Complex Computer Systems (ICECCS), 2014 19th International Conference on
Conference_Location :
Tianjin
Print_ISBN :
978-1-4799-5481-0
Type :
conf
DOI :
10.1109/ICECCS.2014.29
Filename :
6923131