Topic

SQL injection

About: SQL injection is a research topic. Over its lifetime, 2174 publications have been published within this topic, receiving 33241 citations. The topic is also known as: SQLI.


Papers
Proceedings ArticleDOI
05 Sep 2005
TL;DR: A technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities is described, based on comparing, at run time, the parse tree of the SQL statement before inclusion of user input with that resulting after inclusion of input.
Abstract: An SQL injection attack targets interactive web applications that employ database services. Such applications accept user input, such as form fields, and then include this input in database requests, typically SQL statements. In SQL injection, the attacker provides user input that results in a different database request than was intended by the application programmer. That is, the interpretation of the user input as part of a larger SQL statement results in an SQL statement of a different form than originally intended. We describe a technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities. The technique is based on comparing, at run time, the parse tree of the SQL statement before inclusion of user input with that resulting after inclusion of input. Our solution is efficient, adding about 3 ms overhead to database query costs. In addition, it is easily adopted by application programmers, having the same syntactic structure as current popular record set retrieval methods. For empirical analysis, we provide a case study of our solution in J2EE. We implement our solution in a simple static Java class, and show its effectiveness and scalability.

412 citations

Proceedings ArticleDOI
20 May 2003
TL;DR: The design of Web application security assessment mechanisms is analyzed in order to identify poor coding practices that render Web applications vulnerable to attacks such as SQL injection and cross-site scripting.
Abstract: As a large and complex application platform, the World Wide Web is capable of delivering a broad range of sophisticated applications. However, many Web applications go through rapid development phases with extremely short turnaround time, making it difficult to eliminate vulnerabilities. Here we analyze the design of Web application security assessment mechanisms in order to identify poor coding practices that render Web applications vulnerable to attacks such as SQL injection and cross-site scripting. We describe the use of a number of software-testing techniques (including dynamic analysis, black-box testing, fault injection, and behavior monitoring), and suggest mechanisms for applying these techniques to Web applications. Real-world situations are used to test a tool we named the Web Application Vulnerability and Error Scanner (WAVES, an open-source project available at http://waves.sourceforge.net) and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

411 citations

Proceedings Article
31 Jul 2006
TL;DR: This paper presents a new approach to strengthen policy enforcement by augmenting security policies with information about the trustworthiness of data used in security-sensitive operations, and evaluates this technique using 9 available exploits involving several popular software packages containing the above types of vulnerabilities.
Abstract: Policy-based confinement, employed in SELinux and specification-based intrusion detection systems, is a popular approach for defending against exploitation of vulnerabilities in benign software. Conventional access control policies employed in these approaches are effective in detecting privilege escalation attacks. However, they are unable to detect attacks that "hijack" legitimate access privileges granted to a program, e.g., an attack that subverts an FTP server to download the password file. (Note that an FTP server would normally need to access the password file for performing user authentication.) Some of the common attack types reported today, such as SQL injection and cross-site scripting, involve such subversion of legitimate access privileges. In this paper, we present a new approach to strengthen policy enforcement by augmenting security policies with information about the trustworthiness of data used in security-sensitive operations. We evaluated this technique using 9 available exploits involving several popular software packages containing the above types of vulnerabilities. Our technique successfully defeated these exploits.

390 citations

Proceedings ArticleDOI
16 May 2009
TL;DR: This work presents a technique for finding security vulnerabilities in Web applications, covering SQL injection (SQLI) and cross-site scripting (XSS) attacks, in which the attacker crafts the input to the application to access or modify user data and execute malicious code.
Abstract: We present a technique for finding security vulnerabilities in Web applications. SQL Injection (SQLI) and cross-site scripting (XSS) attacks are widespread forms of attack in which the attacker crafts the input to the application to access or modify user data and execute malicious code. In the most serious attacks (called second-order, or persistent, XSS), an attacker can corrupt a database so as to cause subsequent users to execute malicious code.

390 citations

Book
01 Jan 1993
TL;DR: This book discusses the design of SQL-92 databases, the SQL standardization process, and basic table creation and data manipulation.
Abstract:
1 Introduction to SQL-92
2 Getting Started with SQL-92
3 Basic Table Creation and Data Manipulation
4 Basic Data Definition Language (DDL)
5 Values, Basic Functions, and Expressions
6 Advanced Value Expressions: CASE, CAST, and Row Value Expressions
7 Predicates
8 Working with Multiple Tables: The Relational Operators
9 Advanced SQL Query Expressions
10 Constraints, Assertions, and Referential Integrity
11 Accessing SQL from the Real World
12 Cursors
13 Privileges, Users, and Security
14 Transaction Management
15 Connections and Remote Database Access
16 Dynamic SQL
17 Diagnostics and Error Management
18 Internationalization Aspects of SQL-92
19 Information Schema
20 A Look to the Future
A Designing SQL-92 Databases
B A Complete SQL-92 Example
C The SQL-92 Annexes: Differences, Implementation-Defined and Implementation-Dependent Features, Deprecated Features, and Leveling
D Relevant Standards Bodies
E Status Codes
F The SQL Standardization Process
G The Complete SQL-92 Language

359 citations


Network Information
Related Topics (5)
Authentication
74.7K papers, 867.1K citations
77% related
Encryption
98.3K papers, 1.4M citations
76% related
Web page
50.3K papers, 975.1K citations
75% related
Software system
50.7K papers, 935K citations
75% related
Object (computer science)
106K papers, 1.3M citations
74% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    73
2022    165
2021    82
2020    109
2019    138