A Static Analysis Framework for Database Applications
Database developers today use data access APIs such as ADO.NET to execute SQL queries from their applications. These applications often have security problems, such as SQL injection vulnerabilities, and performance problems, such as poorly written SQL queries. However, today's compilers have little or no understanding of data access APIs or the DBMS, so these problems can go undetected until much later in the application lifecycle. The authors present a framework that adapts traditional program analysis, using knowledge of data access APIs, to identify such problems early in application development. The framework can analyze database application binaries that use ADO.NET data access APIs.