The essence of command injection attacks in web applications

Su, Zhendong; Wassermann, Gary

doi:10.1145/1111037.1111070

Cited by 318 publications

(263 citation statements)

References 26 publications

Supporting

Mentioning

262

Contrasting

Order By: Relevance

“…The results are shown in Table 13. CSSE [41] SQLCheck [42] SQLGuard [43] SQLrand [44] Tautologychecker Checker [43] Web App. Hardening [45] IDS [46] Our approach…”

Section: Figure 4 Overhead Performancementioning

confidence: 99%

New Strategy for Mitigating of SQL Injection Attack

Alazab¹,

Khresiat²

2016

IJCA

View full text Add to dashboard Cite

SQL injection attack (SQLIA) is a serious threat to web applications. A successful SQLIAs can have serious consequences to the victimized organization that include financial lose, reputation lose, compliance and regulatory breach. Therefore, developing approaches for mitigating SQLIA is paramount important. To this end, we propose an approach based on negative tainting along with SQL keyword analysis for detecting and preventing SQLIA. We have tested our proposed approach on all types of SQLIAs techniques by generating SQL queries containing legitimate SQL commands and SQLIA. We present an analysis and evaluation of the proposed approach to demonstrate its effectiveness in detecting and protecting SQLIA attack.

show abstract

“…The results are shown in Table 13. CSSE [41] SQLCheck [42] SQLGuard [43] SQLrand [44] Tautologychecker Checker [43] Web App. Hardening [45] IDS [46] Our approach…”

Section: Figure 4 Overhead Performancementioning

confidence: 99%

New Strategy for Mitigating of SQL Injection Attack

Alazab¹,

Khresiat²

2016

IJCA

View full text Add to dashboard Cite

show abstract

“…Detecting which parts of the code unit's inputs should be made concrete could benefit from existing work (e.g. [67,68]) over detection of SQL injections attacks.…”

Section: Future Workmentioning

confidence: 99%

Relational symbolic execution of SQL code for unit testing of database programs

Marcozzi

Vanhoof

Hainaut

2015

Science of Computer Programming

View full text Add to dashboard Cite

Symbolic execution is a technique enabling the automatic generation of test inputs that exercise a set of execution paths within a code unit to be tested. If the paths cover a sufficient part of the code under test, the test data offer a representative view of the actual behaviour of this code. This notably enables detecting errors and correcting faults. Relational databases are ubiquitous in software, but symbolic execution of code units that manipulate them remains a non-trivial problem, particularly because of the complex structure of such databases and the complex behaviour of SQL statements. Finding errors in such code units is yet critical, as it can avoid corrupting important data. In this work, we define a symbolic execution translating database manipulation code directly into constraints and integrate it with a more traditional symbolic execution of normal program code. The database tables are represented by relational symbols and the SQL statements by relational constraints over these symbols. An algorithm based on these principles is presented for the symbolic execution of simple Java methods that implement transactional use cases by reading and writing in a relational database, the latter subject to data integrity constraints. The algorithm is integrated in a test generation tool and experimented over sample code. The target language for the constraints produced by the tool is the SMT-Lib standard and the used solver is Microsoft Z3. The results show that the proposed approach enables generating meaningful test data, including valid database content, in reasonable time. In particular, the Z3 solver is shown to be more scalable than the Alloy solver, used in our previous work, for solving relational constraints.

show abstract

“…Taint analysis aims to detect illegal information flow by tracking the taint, and it has been widely used for analyzing malware [3,22,26,28,29,31,37]. As pointed out by Saxena et al [26], taint tracking usually incurs high performance overhead.…”

Section: Related Workmentioning

confidence: 99%

Roving bugnet: Distributed surveillance threat and mitigation

Farley¹,

Wang²

2010

Computers & Security

View full text Add to dashboard Cite

Advanced mobile devices such as laptops and smartphones make convenient hiding places for surveillance spyware. They commonly have a microphone and camera built-in, are increasingly network accessible, frequently within close proximity of their users, and almost always lack mechanisms designed to prevent unauthorized microphone or camera access.In order to explore surveillance intrusion and detection methods, we present a modernized version of a microphone hijacker for Windows and Mac OS X. This attack can be executed as soon as the target connects to the Internet from anywhere in the world without requiring interaction from victimized users. As the attacker compromises additional machines they are organized into a botnet so the attacker can maintain stealthy control of the systems and launch later surveillance attacks.We then present a mechanism to detect the threat on Windows, as well as a novel method to deceive an attacker in order to permit traceback. As a result of the detection mechanism we address a missing segment of resource control, decreasing the complexity of privacy concerns as exploitable devices become more pervasive.

show abstract

The essence of command injection attacks in web applications

Cited by 318 publications

References 26 publications

New Strategy for Mitigating of SQL Injection Attack

New Strategy for Mitigating of SQL Injection Attack

Relational symbolic execution of SQL code for unit testing of database programs

Roving bugnet: Distributed surveillance threat and mitigation

Contact Info

Product

Resources

About