Loading [MathJax]/extensions/MathMenu.js
Automated Protection of PHP Applications Against SQL-injection Attacks | IEEE Conference Publication | IEEE Xplore

Automated Protection of PHP Applications Against SQL-injection Attacks


Abstract:

Web sites may be static sites, programs, or databases, and very often a combination of the three integrating relational databases as a back-end. Web sites require care in...Show More

Abstract:

Web sites may be static sites, programs, or databases, and very often a combination of the three integrating relational databases as a back-end. Web sites require care in configuration and programming to assure security, confidentiality, and trustworthiness of the published information. SQL-injection attacks exploit weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. This paper presents an original approach that combines static analysis, dynamic analysis, and code re-engineering to automatically protect applications written in PHP from SQL-injection attacks. The paper also reports preliminary results of experiments performed on an old SQL-injection prone version of phpBB (version 2.0.0, 37193 LOC of PHP version 4.2.2 code). Results show that our approach successfully improved phpBB-2.0.0 resistance to SQL-injection attacks
Date of Conference: 21-23 March 2007
Date Added to IEEE Xplore: 02 April 2007
Print ISBN:0-7695-2802-3
Print ISSN: 1534-5351
Conference Location: Amsterdam, Netherlands

Contact IEEE to Subscribe

References

References is not available for this document.