SQL injection attacks pose a serious threat to the security of Web applications because they can give attackers unrestricted access to databases that contain sensitive information. In this paper, the authors propose a new, highly automated approach for protecting existing Web applications against SQL injection. Their approach has conceptual advantages over most existing techniques: it is based on the novel idea of positive tainting and the concept of syntax-aware evaluation. The paper also describes WASP, a tool that implements their technique, and a set of studies performed to evaluate their approach. In these studies, they used their tool to protect several Web applications and then subjected them to a large and varied set of attacks and legitimate accesses.
- Format: PDF
- Size: 429.43 KB