WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
Halfond, W.G.J.
Orso, A.
Manolios, P.
Georgia Inst. of Technol., Atlanta;
This paper appears in: Software Engineering, IEEE Transactions on
Publication Date: Jan.-Feb. 2008
Volume: 34,
Issue: 1
On page(s): 65-81
Location: San Francisco, CA, USA,
ISSN: 0098-5589
INSPEC Accession Number: 9836383
Digital Object Identifier: 10.1109/TSE.2007.70748
Current Version Published: 2008-01-31
Abstract
Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks is SQL injection, which can give attackers unrestricted access to the databases that underlie Web applications and has become increasingly frequent and serious. This paper presents a new highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques. From a conceptual standpoint, the approach is based on the novel idea of positive tainting and on the concept of syntax-aware evaluation. From a practical standpoint, our technique is precise and efficient, has minimal deployment requirements, and incurs a negligible performance overhead in most cases. We have implemented our techniques in the Web application SQL-injection preventer (WASP) tool, which we used to perform an empirical evaluation on a wide range of Web applications that we subjected to a large and varied set of attacks and legitimate accesses. WASP was able to stop all of the otherwise successful attacks and did not generate any false positives.
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
