University of Calgary
Software systems interact with outside environments (e.g., by taking inputs from a user) and usually have particular assumptions about these environments. Unchecked or improperly checked assumptions can affect security and reliability of the systems. A major class of such problems is the improper validation of user inputs. In this paper, the authors present the design of a static analysis framework to address these input related problems in the context of web applications. In particular, they study how to prevent the class of SQL command injection attacks.