ABSTRACT by Gary Wassermann
Department of Computer Science
University of California, Davis
Software systems interact with outside environments (e.g., by taking inputs from a user) and usually have particular assumptions about these environments. Unchecked or improperly checked assumptions can affect security and reliability of the systems. A major class of such problems is the improper validation of user inputs. In this paper, we present the design of a static analysis framework to address these input related problems in the context of web applications. In particular, we study how to prevent the class of SQL command injection attacks.
In our framework, we use an abstract model of a source program that takes user inputs and dynamically constructs SQL queries. In particular, we conservatively approximate the set of SQL queries that a program may generate as a finite state automaton. Our framework then applies some novel checking algorithms on this automaton to indicate or verify the absence of security violations in the original application program. Work is in progress to build a prototype of our analysis.
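The abstract does not describe its checking algorithms, so the following is an added, simplified illustration of the general idea and is not the paper's code or algorithm: the queries a program may build are abstracted as a regular language (literal text interleaved with input slots), and that language is walked together with a small SQL lexer automaton to see whether any input can leave the lexical context it was placed in. The template format, the two-state lexer (no backslash escapes), and the digits-only rule for unquoted input are assumptions made for this example.

```python
import string

OUT, STR = "OUT", "STR"  # assumed two-state lexer: outside / inside a '...' literal
QUOTE_BREAK = "input can open or close a string literal"
NOT_NUMERIC = "unquoted input is not restricted to digits"

def step(state, ch):
    """Lexer DFA transition: a single quote toggles the state ('' toggles twice)."""
    if ch == "'":
        return STR if state == OUT else OUT
    return state

def check(template):
    """template: list of ("lit", text) or ("input", allowed_chars) segments.
    The queries it denotes form the regular language lit . allowed* . lit ...
    Returns (segment_index, reason) for each input slot that violates the policy."""
    states, findings = {OUT}, []
    for i, (kind, value) in enumerate(template):
        if kind == "lit":
            for ch in value:
                states = {step(s, ch) for s in states}
            continue
        # Input slot: close the lexer states under allowed_chars* (product walk).
        reach, frontier = set(states), set(states)
        while frontier:
            frontier = {step(s, ch) for s in frontier for ch in value} - reach
            reach |= frontier
        if reach != states:
            findings.append((i, QUOTE_BREAK))
        elif OUT in states and not set(value) <= set(string.digits):
            findings.append((i, NOT_NUMERIC))
        # Keep the entry states so each slot is reported independently.
    return findings

# Constructed sample templates (abstractions of query-building code).
ANY = string.printable
ALNUM = string.ascii_letters + string.digits
BY_NAME_RAW = [("lit", "SELECT * FROM users WHERE name='"), ("input", ANY), ("lit", "'")]
BY_NAME_ALNUM = [("lit", "SELECT * FROM users WHERE name='"), ("input", ALNUM), ("lit", "'")]
BY_ID_ALNUM = [("lit", "SELECT * FROM items WHERE id="), ("input", ALNUM)]
BY_ID_DIGITS = [("lit", "SELECT * FROM items WHERE id="), ("input", string.digits)]

if __name__ == "__main__":
    for name in ("BY_NAME_RAW", "BY_NAME_ALNUM", "BY_ID_ALNUM", "BY_ID_DIGITS"):
        print(name, check(globals()[name]))
```

An empty result means that, under this simplified policy, no string in the abstracted query language lets input change the query's token structure; a finding only indicates a possible violation, since the approximation is conservative.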