Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Information Security

Research Collection School Of Computing and Information Systems

2012

Code auditing

Full-Text Articles in Physical Sciences and Mathematics

Semi-Automated Verification Of Defense Against SQL Injection In Web Applications, Kaiping Liu, Hee Beng Kuan Tan, Lwin Khin Shar, Dec 2012

Recent reports reveal that the majority of attacks on Web applications are input manipulation attacks. Among these attacks, the SQL injection attack (malicious input is submitted to manipulate the database in a way that was unintended by the applications' developers) is one such attack. This paper proposes an approach for assisting the code verification process on the defense against SQL injection. The approach extracts all such defenses implemented in code. With the use of the proposed approach, developers, testers or auditors can then check the defenses extracted from code to verify their adequacy. We have evaluated the feasibility, effectiveness, and usefulness …