Formal analysis of vulnerabilities of web applications based on SQL injection (extended version)
F De Meo, M Rocchetto, L Viganò - arXiv preprint arXiv:1605.00358, 2016 - arxiv.org
We present a formal approach that uses attacks related to SQL Injection (SQLi) to search
for security flaws in a web application. We give a formal representation of web applications
and databases, and show that our formalization effectively captures and exploits SQLi attacks. We
implemented our approach in a prototype tool called SQLfast and we show its efficiency on
real-world case studies, including the discovery of an attack on Joomla! that no other tool
can find.
Formal analysis of vulnerabilities of web applications based on SQL injection
F De Meo, M Rocchetto, L Viganò - Security and Trust Management: 12th …, 2016 - Springer
We present a formal approach for the analysis of attacks that exploit SQLi to violate security
properties of web applications. We give a formal representation of web applications and
databases, and show that our formalization effectively captures and exploits SQLi attacks. We
implemented our approach in a prototype tool called SQLfast and we show its efficiency on
four real-world case studies, including the discovery of an attack on Joomla! that no other
tool can find.