Amsterdam, the Netherlands
Mar. 21, 2007 to Mar. 23, 2007
ISBN: 0-7695-2802-3
pp: 191-202
ABSTRACT
Web sites may be static sites, programs, or databases, and very often a combination of the three, integrating relational databases as a back-end. Web sites require care in configuration and programming to assure the security, confidentiality, and trustworthiness of the published information. SQL-injection attacks exploit weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites that rely on a database to store and retrieve information. This paper presents an original approach that combines static analysis, dynamic analysis, and code re-engineering to automatically protect applications written in PHP from SQL-injection attacks. The paper also reports preliminary results of experiments performed on an old SQL-injection-prone version of phpBB (version 2.0.0, 37193 LOC of PHP version 4.2.2 code). Results show that our approach successfully improved the resistance of phpBB-2.0.0 to SQL-injection attacks.
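The abstract describes the vulnerability class (untrusted text spliced into query strings) and the goal of re-engineering PHP code so that it resists such input. The following is an added illustration, not code from the paper or from phpBB, and it does not reproduce the paper's own static/dynamic analysis: it places a lookup built by string concatenation next to the same lookup using a PDO prepared statement, the standard hardened form a re-engineering step would produce. It assumes the `pdo_sqlite` extension is available and uses an in-memory SQLite database with a constructed `users` table so that it runs offline.

```php
<?php
// Added example (not from the paper or phpBB): vulnerable vs. parameterized
// user lookup in PHP. Table contents and inputs below are constructed.

declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
    $db->exec("INSERT INTO users (username, email) VALUES "
        . "('alice', 'alice@example.test'), ('bob', 'bob@example.test')");
    return $db;
}

// Vulnerable pattern: untrusted $username becomes part of the SQL text itself,
// so a quote character in the input changes the structure of the query.
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is fixed at prepare time; the input is sent
// to the engine as a bound value and can never be parsed as SQL.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute([':name' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
// Constructed inputs: one honest value and one value carrying a quote that
// turns the concatenated WHERE clause into a tautology.
$inputs = ['alice', "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "input=%-16s vulnerable=%d row(s)  safe=%d row(s)\n",
        json_encode($input),
        count(findUserVulnerable($db, $input)),
        count(findUserSafe($db, $input))
    );
}
```

Running it with `php` shows the honest value matching one row in both functions, while the quoted value matches every row through `findUserVulnerable` and no row through `findUserSafe`, because the bound parameter is compared literally against the `username` column. Counting rows returned for a crafted value versus a fixed query is also a cheap way to confirm, after a re-engineering pass, that a given call site has actually been converted.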
INDEX TERMS
Protection, Application software, Data security, Relational databases, Information security, Software performance, Performance analysis, Dynamic programming, Engines, Computer science
CITATION
"Automated Protection of PHP Applications Against SQL-injection Attacks", European Conference on Software Maintenance and Reengineering (CSMR), 2007, pp. 191-202, doi:10.1109/CSMR.2007.16