• DocumentCode
    1728456
  • Title

    Automated Fix Generator for SQL Injection Attacks

  • Author

    Dysart, Fred ; Sherriff, Mark

  • Author_Institution
    Dept. of Comput. Sci., Univ. of Virginia, Charlottesville, VA
  • fYear
    2008
  • Firstpage
    311
  • Lastpage
    312
  • Abstract
    A critical problem facing today's Internet community is the increasing number of attacks exploiting flaws found in Web applications. This paper specifically targets input validation vulnerabilities found in SQL queries that may lead to SQL Injection Attacks (SQLIAs). We introduce a tool that automatically detects and suggests fixes to SQL queries that are found to contain SQL Injection Vulnerabilities (SQLIVs). Testing was performed against phpBB v2.0, an open source forum package, to determine the accuracy and efficacy of our software.
  • Keywords
    Internet; SQL; query processing; security of data; Internet; SQL injection vulnerability; SQL query; Web application; automated fix generator; Application software; Computer science; Databases; Graphical user interfaces; Internet; Java; Reliability engineering; Software maintenance; Software reliability; Software testing; Automated Fix Generation; MySQL; PHP; SQL Injection Attack;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Reliability Engineering, 2008. ISSRE 2008. 19th International Symposium on
  • Conference_Location
    Seattle, WA
  • ISSN
    1071-9458
  • Print_ISBN
    978-0-7695-3405-3
  • Electronic_ISBN
    1071-9458
  • Type

    conf

  • DOI
    10.1109/ISSRE.2008.44
  • Filename
    4700351