Title :
A security analysis tool for web application reinforcement against SQL injection attacks (SQLIAs)
Author :
Lashkaripour, Z. ; Bafghi, Abbas Ghaemi
Author_Institution :
Dept. of Comput., Ferdowsi Univ. of Mashhad, Mashhad, Iran
Abstract :
In SQLIA, attacker injects an input in the query in order to change the structure of the query intended by the programmer and therefore, gain access to the data in the underlying database. Due to the significance of the stored data, web application´s security against SQLIA is vital. In this paper we propose a tool that is capable of reporting the transformations needed to reinforce the security of a Java-based web application and its database against SQLIAs. This tool which is based on static analysis and runtime validation uses our new technique for detection and prevention of SQLIAs. In our technique user inputs in SQL queries are removed and some information is gathered in order to make the detection easier and faster at runtime. According to these information the tool reports the transformations needed and the location of the transformations in source code and therefore after applying the transformations the result would be a reinforced web application against SQLIAs.
Keywords :
Internet; Java; SQL; program diagnostics; query processing; security of data; source code (software); Java-based Web application; SQL injection attacks; SQL queries; SQLIA; Web application reinforcement; Web application security; runtime validation; security analysis tool; source code; static analysis; Analytical models; Databases; Delays; Encoding; Engines; Runtime; Security; SQLIA; Web application; detection; static analysis; transformation;
Conference_Titel :
Information Security and Cryptology (ISCISC), 2013 10th International ISC Conference on
Conference_Location :
Yazd
DOI :
10.1109/ISCISC.2013.6767326
