A Static Analysis Framework For Detecting SQL Injection Vulnerabilities

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Xiang Fu Articles by Xin Lu Articles by Boris Peltsverger Articles by Shijun Chen Articles by Kai Qian Articles by Lixin Tao

2007 31st Annual International Computer Software and Applications Conference

Beijing, China

July 24-July 27

ISBN: 0-7695-2870-8

	ASCII Text	x
	Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen, Kai Qian, Lixin Tao, "A Static Analysis Framework For Detecting SQL Injection Vulnerabilities," Computer Software and Applications Conference, Annual International, vol. 1, pp. 87-96, 2007 31st Annual International Computer Software and Applications Conference, 2007.

	BibTex	x
	@article{ 10.1109/COMPSAC.2007.43, author = {Xiang Fu and Xin Lu and Boris Peltsverger and Shijun Chen and Kai Qian and Lixin Tao}, title = {A Static Analysis Framework For Detecting SQL Injection Vulnerabilities}, journal ={Computer Software and Applications Conference, Annual International}, volume = {1}, year = {2007}, issn = {0730-3157}, pages = {87-96}, doi = {http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2007.43}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Software and Applications Conference, Annual International TI - A Static Analysis Framework For Detecting SQL Injection Vulnerabilities SN - 0730-3157 SP87 EP96 A1 - Xiang Fu, A1 - Xin Lu, A1 - Boris Peltsverger, A1 - Shijun Chen, A1 - Kai Qian, A1 - Lixin Tao, PY - 2007 KW - null VL - 1 JA - Computer Software and Applications Conference, Annual International ER -

Xiang Fu, Georgia Southwestern State University, Americus, GA

Xin Lu, Georgia Southwestern State University, Americus, GA

Boris Peltsverger, Georgia Southwestern State University, Americus, GA

Shijun Chen, Georgia Southwestern State University, Americus, GA

Kai Qian, Southern Polytechnic State University,Marietta, GA

Lixin Tao, Pace University, Pleasantville, NY

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2007.43

Recently SQL Injection Attack (SIA) has become a major threat to Web applications. Via carefully crafted user input, attackers can expose or manipulate the back-end database of a Web application. This paper proposes the construction and outlines the design of a static analysis framework (called SAFELI) for identifying SIA vulnerabilities at compile time. SAFELI statically inspects MSIL bytecode of an ASP.NET Web application, using symbolic execution. At each hotspot that submits SQL query, a hybrid constraint solver is used to find out the corresponding user input that could lead to breach of information security. Once completed, SAFELI has the future potential to discover more delicate SQL injection attacks than black-box Web security inspection tools.

Citation:

Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen, Kai Qian, Lixin Tao, "A Static Analysis Framework For Detecting SQL Injection Vulnerabilities," compsac, vol. 1, pp.87-96, 2007 31st Annual International Computer Software and Applications Conference, 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.