An empirical analysis of input validation mechanisms in web applications and languages

Scholte, Theodoor; Robertson, William; Balzarotti, Davide; Kirda, Engin

doi:10.1145/2245276.2232004

Cited by 24 publications

(21 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The second theorem provides a formal basis for the widely-accepted rule of thumb that it is unsafe to use unvalidated input during query construction [20,27]. Theorem 2 states that if an application always includes an untrusted input (i m ) verbatim in its output (without even inspecting the input), and the same application has some input (v 1 , .., v n ) for which it outputs a valid SQL program, then there exists a way to construct an attack input (a m ) such that the application's output will exhibit a CIAO and therefore a BroNIE.…”

Section: Analysis Of the Bronie Definitionmentioning

confidence: 99%

“…Given that applications commonly fail to validate untrusted inputs [27], it would be beneficial to have mechanisms for automatically preventing injection attacks. At a high level, BroNIEs can be precisely and automatically prevented by:…”

Section: An Algorithm For Precisely Detecting Broniesmentioning

confidence: 99%

“…The parts of Algorithm 1 that are directly related to BroNIE detection are the calls to tokenize (Lines 2 and 3), the invocation of M arkN oncodeT oks (Line 4), the initialization of the i and j variables (Line 5), the two while loops (Lines 6-22), and the final if statement (Lines [23][24][25][26][27]. To the best of our knowledge, every commonly-used programming language requires no more than linear time to partition tokens as code or noncode, so the proof of Theorem 4 assumes that the language-dependent M arkN oncodeT oks function runs in time linear in the number of tokens.…”

Section: Analysis Of the Bronie-detection Algorithmmentioning

confidence: 99%

See 2 more Smart Citations

Defining Injection Attacks

Ray

Ligatti

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. This paper defines and analyzes injection attacks. The definition is based on the NIE property, which states that an application's untrusted inputs must only produce Noncode Insertions or Expansions in output programs (e.g., SQL queries). That is, when applications generate output programs based on untrusted inputs, the NIE property requires that inputs only affect output programs by inserting or expanding noncode tokens (e.g., string and float literals, lambda values, pointers, etc). This paper calls attacks based on violating the NIE property BroNIEs (i.e., Broken NIEs) and shows that all code-injection attacks are BroNIEs. In addition, BroNIEs contain many malicious injections that do not involve injections of code; we call such attacks noncode-injection attacks. In order to mitigate both code-and noncode-injection attacks, this paper presents an algorithm for detecting and preventing BroNIEs.

show abstract

Section: Analysis Of the Bronie Definitionmentioning

confidence: 99%

Section: An Algorithm For Precisely Detecting Broniesmentioning

confidence: 99%

Section: Analysis Of the Bronie-detection Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

Defining Injection Attacks

Ray

Ligatti

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…XSS Web Application attack mechanisms can be detected indirectly by comparing posted URL to black-listed sites [36], by identifying typical XSS coding patterns [37]. The detection and prevention of XSS attack are difficult because of incomplete implementations, inherent limitations, the complexity of development frameworks and the requirement for run-time compatibility [38].…”

Section: Fig 1 the Difference Between False Negative And False Posimentioning

confidence: 99%

Human Perception of the Measurement of a Network Attack Taxonomy in Near Real-Time

Heerden

Malan

Mouton

et al. 2014

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. This paper investigates how the measurement of a network attack taxonomy can be related to human perception. Network attacks do not have a time limitation, but the earlier its detected, the more damage can be prevented and the more preventative actions can be taken. This paper evaluate how elements of network attacks can be measured in near real-time(60 seconds). The taxonomy we use was developed by van Heerden et al (2012) with over 100 classes. These classes present the attack and defenders point of view. The degree to which each class can be quantified or measured is determined by investigating the accuracy of various assessment methods. We classify each class as either defined, high, low or not quantifiable. For example, it may not be possible to determine the instigator of an attack (Aggressor), but only that the attack has been launched by a Hacker (Actor). Some classes can only be quantified with a low confidence or not at all in a sort (near real-time) time. The IP address of an attack can easily be faked thus reducing the confidence in the information obtained from it, and thus determining the origin of an attack with a low confidence. This determination itself is subjective. All the evaluations of the classes in this paper is subjective, but due to the very basic grouping (High, Low or Not Quantifiable) a subjective value can be used. The complexity of the taxonomy can be significantly reduced if classes with only a high perceptive accuracy is used.

show abstract

“…Unfortunately, the Web security technology is not so strong that Web applications are often maliciously attacked. It is the complexity of the Web application structure and dynamic Web technology [3], that greatly increases the complexity to detect the Web application injection and proposes the challenge to the research of the problem [4][5][6].…”

Section: Introductionmentioning

confidence: 99%

Review of XSS Attack and Detection on Web Applications

Zhao¹,

Wang²,

Ding³

2017

Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)

View full text Add to dashboard Cite

Abstract. Aiming at the difficulties to prevent Web applications to be maliciously injected which are increased by all kinds of dynamic Web technologies applied, concentrate on XSS attack, this paper reviews the research progresses of Web application injection vulnerabilities detection in recent years. It summarizes the classification and causes of the XSS injection security vulnerabilities, analyzes the complexity of security vulnerabilities detection; then proposes the key technologies of the existing detection approached, including analyzing and identifying the injection points, injection detection by software analysis and testing, symbolic execution, taint analysis; finally presents its future development direction.

show abstract

An empirical analysis of input validation mechanisms in web applications and languages

Cited by 24 publications

References 19 publications

Defining Injection Attacks

Defining Injection Attacks

Human Perception of the Measurement of a Network Attack Taxonomy in Near Real-Time

Review of XSS Attack and Detection on Web Applications

Contact Info

Product

Resources

About