An approach for the maintenance of input validation

Liu, Hui; Tan, Hee Beng Kuan

doi:10.1016/j.infsof.2007.05.004

Cited by 9 publications

(5 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is also a key to defend security attacks against Web applications. Both specification-based and code-based approaches have been proposed for testing the adequacy of input validation schemes [13,14,15,16,17,18,19]. Specification-based input validation testing approaches generate test cases with the aim of exercising valid and invalid input conditions as complete as possible [13,14,15,18].…”

Section: B Input Validation and Security Testing Approachmentioning

confidence: 99%

Semi-Automated Verification of Defense against SQL Injection in Web Applications

Liu

Tan

Shar

2012

2012 19th Asia-Pacific Software Engineering Conference

Self Cite

View full text Add to dashboard Cite

Recent reports reveal that majority of the attacks to Web applications are input manipulation attacks. Among these attacks, SQL injection attack -malicious input is submitted to manipulate the database in a way that was unintended by the applications' developers -is one such attack. This paper proposes an approach for assisting to code verification process on the defense against SQL injection. The approach extracts all such defenses implemented in code. With the use of the proposed approach, developers, testers or auditors can then check the defenses extracted from code to verify their adequacy. We have evaluated the feasibility, effectiveness, and usefulness of the proposed approach by a set of open-source systems. Our experiment results showed that the proposed approach is effective in extracting all the possible defenses implemented/adopted by Web applications. We observed that the proposed approach would be useful in identifying the false positive cases resulting from other related approaches and auditing the code in order to fix the actual vulnerable cases.

show abstract

Section: B Input Validation and Security Testing Approachmentioning

confidence: 99%

Semi-Automated Verification of Defense against SQL Injection in Web Applications

Liu

Tan

Shar

2012

2012 19th Asia-Pacific Software Engineering Conference

Self Cite

View full text Add to dashboard Cite

show abstract

“…for vulnerability signatures (Brumley et al 2006), path conditions (Snelting et al 2006), input validation (Liu and Kuan Tan 2008), reducing programs for model checking (Shacham et al 2007) and for witnesses for illicit information flow (Hammer and Snelting 2009). Such applications can benefit from chopping algorithms that are as precise as possible (i.e.…”

Section: Introductionmentioning

confidence: 99%

Advanced chopping of sequential and concurrent programs

Giffhorn

2010

Software Qual J

View full text Add to dashboard Cite

A chop for a source statement s and a target statement t reveals the program parts involved in conveying effects from s to t. While precise chopping algorithms for sequential programs are known, no chopping algorithm for concurrent programs has been reported at all. This work introduces six chopping algorithms for concurrent programs, which offer different degrees of precision, ranging from imprecise over context-sensitive to time-sensitive. Our evaluation on concurrent Java programs shows that context-sensitive and time-sensitive chopping reduces chop sizes significantly. We further present an extensive evaluation of chopping algorithms for sequential programs and describe a new, easy-to-implement chopping technique for sequential programs that computes fast and almost context-sensitive chops.

show abstract

“…The work presented in this thesis has been published in [110][111][112][113][114]. It has the following three major contributions.…”

Section: Major Contributionsmentioning

confidence: 99%

“…The proposed approaches are established based on the techniques of program analysis, program slicing and software testing augmented with empirical properties. The work has been published in [110][111][112][113][114].…”

Section: Conclusion 71 Conclusionmentioning

confidence: 99%

Automated recovery, maintenance and testing of input validation

Liu¹

Self Cite

View full text Add to dashboard Cite

Input validation is the enforcement in software systems to ensure that only valid input is accepted to raise effects. It is essential and very important to a large class of software systems and usually forms a major part of data-intensive systems. Currently, the design and implementation of input validation are carried out by application developers. The recovery and maintenance of the input validation implemented in software systems are challenging. Furthermore, as input validation is vital to the robustness of software system, having an effective method for testing input validation is important for software quality assurance. In this thesis, we establish the approaches for the recovery, maintenance and testing of input validation based on the techniques of program analysis, program slicing and software testing augmented with empirical properties. We present some properties that characterize the implementation of input validation and an algorithm for the automated recovery of input validation information from program source code. The information recovered provides the basis for the maintenance and testing of input validation. We then introduce a variant of control flow graph called validation flow graph for representing the overall structure of the input validation implemented in software systems and a set of vi

show abstract

An approach for the maintenance of input validation

Cited by 9 publications

References 28 publications

Semi-Automated Verification of Defense against SQL Injection in Web Applications

Semi-Automated Verification of Defense against SQL Injection in Web Applications

Advanced chopping of sequential and concurrent programs

Automated recovery, maintenance and testing of input validation

Contact Info

Product

Resources

About