TAPS: Automatically Preparing Safe SQL Queries
The authors present the first sound program transformation approach for automatically transforming the code of a legacy web application to employ PREPARE statements in place of unsafe SQL queries. Their approach therefore opens the way for eradicating the SQL injection threat vector from legacy web applications. This extended abstract is based on this paper that appeared in the Financial Cryptography and Data Security (FC'2010) conference. In the last decade SQL Injection Attacks (SQLIA) have emerged as a serious threat to Web Applications. SQLIA are a prime example of malicious input that changes the behavior of a program by sly introduction of query structure into the input strings.