On Automated Prepared Statement Generation to Remove SQL Injection Vulnerabilities
Source: Reed Elsevier
Since 2002, over 10% of all reported vulnerabilities have been SQL injection vulnerabilities (SQLIVs). This paper presents a prepared statement replacement algorithm for removing SQLIVs by replacing dynamically constructed SQL statements with prepared statements. A prepared statement has a static structure: the query text is parsed before any user-supplied value is bound, so an injection attempt cannot change the logical structure of the statement. The authors created a prepared statement replacement algorithm and a corresponding tool that generates the fixes automatically. They conducted four case studies of open source projects to evaluate the capability of the algorithm and its automation. The empirical results show that the generated prepared statement code correctly replaced 94% of the SQLIVs in these projects.
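The abstract's core point, that a prepared statement keeps the query structure fixed while a concatenated statement lets input rewrite the grammar, is shown below as an added example. It is not code from the paper or its tool; it uses Python's standard `sqlite3` module with a constructed in-memory table, and the function names `lookup_vulnerable`, `lookup_prepared` and `make_db` are assumptions for illustration.

```python
import sqlite3

# Constructed sample data, not from the paper's case studies.
SAMPLE_USERS = [(1, "alice", "admin"), (2, "bob", "user")]


def make_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """SQLIV: the value is concatenated into the SQL text, so characters in
    it (quotes, OR, comment markers) become part of the query's grammar."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, name):
    """Fixed form: the statement text is constant and parsed first; the
    value is bound as a parameter afterwards and can only ever be data."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # A tautology in the input changes the WHERE clause of the concatenated
    # query and returns every row; the prepared form treats the whole string
    # as a literal name and matches nothing.
    malicious = "bob' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, malicious))
    print("prepared:  ", lookup_prepared(conn, malicious))
    print("prepared, honest input:", lookup_prepared(conn, "bob"))
```

The replacement the paper's tool performs is essentially the move from `lookup_vulnerable` to `lookup_prepared`: the SQL string is rewritten with a placeholder and the formerly concatenated expression becomes a bound parameter. The transformation is mechanical when the concatenation is local to one statement, which is why a tool can automate most, but not all, of the fixes.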
| Format: | |
| Size: | 465.41 |
| Date: | Sep 2008 |