Semi-Automated Verification of Defense against SQL Injection in Web Applications

Liu, Kaiping; Tan, Hee Beng Kuan; Shar, Lwin Khin

doi:10.1109/apsec.2012.18

2012 19th Asia-Pacific Software Engineering Conference 2012

DOI: 10.1109/apsec.2012.18

|View full text |Cite

Semi-Automated Verification of Defense against SQL Injection in Web Applications

Kaiping Liu

Hee Beng Kuan Tan

Lwin Khin Shar

Abstract: Recent reports reveal that majority of the attacks to Web applications are input manipulation attacks. Among these attacks, SQL injection attack -malicious input is submitted to manipulate the database in a way that was unintended by the applications' developers -is one such attack. This paper proposes an approach for assisting to code verification process on the defense against SQL injection. The approach extracts all such defenses implemented in code. With the use of the proposed approach, developers, tester… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2014

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 29 publications

(60 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

Vulnerability of Directory List and Countermeasures

Hong

2014

Journal of Digital Convergence

View full text Add to dashboard Cite

The web server is configured to display the list of files contained in this directory. This is not recommended because the directory may contain files that are not normally exposed through links on the web site. The directory list have some serious vulnerability to show internal files and directory to outsider attackers. Therefore, the proposed countermeasure of directory list is presented to prevent unnecessary valuable information from outsider attackers.

show abstract

Vulnerability of Directory List and Countermeasures

Hong

2014

Journal of Digital Convergence

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Semi-Automated Verification of Defense against SQL Injection in Web Applications

Cited by 1 publication

References 29 publications

Vulnerability of Directory List and Countermeasures

Vulnerability of Directory List and Countermeasures

Contact Info

Product

Resources

About