An Automatic Revised Tool for Anti-Malicious Injection

Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Some sites attempt to protect themselves by filtering malicious input, but a surprising number of web applications have used no mechanisms to validate input. We have developed a advanced tool that can producing a proper input validation function depending on the database server and the application framework. The tool can automatically insert input proper validation function into the server-side program to eliminate vulnerabilities based on malicious injection. To verify the Efficiency of the tool, we picked the websites made up of some example programs included in the books or created by some web generator tools. Among our experiments, the websites have been automatically injected validation function to avoid malicious injection attack.