An Analysis Framework for Security in Web Applications

Software systems interact with outside environments (e.g., by taking inputs from a user) and usually have particular assumptions about these environments. Unchecked or improperly checked assumptions can affect security and reliability of the systems. A major class of such problems is the improper validation of user inputs. In this paper, the authors present the design of a static analysis framework to address these input related problems in the context of web applications. In particular, they study how to prevent the class of SQL command injection attacks.

Provided by: University of Calgary Topic: Security Date Added: Jan 2014 Format: PDF

Find By Topic