Thumbnail
Access Restriction
Subscribed

Author Yaohui Wang ♦ Dan Wang ♦ Wenbing Zhao ♦ Yuan Liu
Source IEEE Xplore Digital Library
Content type Text
Publisher Institute of Electrical and Electronics Engineers, Inc. (IEEE)
File Format PDF
Copyright Year ©2015
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Algorithm design and analysis ♦ Computer bugs ♦ Testing ♦ Analytical models ♦ Arrays ♦ Feature extraction ♦ Prototypes ♦ SQL vulnerabilities; combination of static and dynamic technique; alias analysis; behavior model
Abstract Targeting at PHP program, this paper proposes an SQL vulnerability detection method based on the injection analysis technology. This method makes a detailed analysis on the one-time injection in the aspects of data flow and program behavior, on the basis of the combination of dynamic and static analysis technique. Then it implements the SQL vulnerability determination algorithm which is based on lexical feature comparison. At last, this paper combines alias analysis technology, behavior model and SQL which is based on lexical feature comparison to design and establish a prototype system for SQL vulnerability detection. The experiment shows that our system has a good strong ability of SQL vulnerability detection and very low time cost.
Description Author affiliation: Beijing Univ. of Technol., Beijing, China (Yaohui Wang; Dan Wang; Wenbing Zhao; Yuan Liu)
ISSN 07303157
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research ♦ Reading
Education Level UG and PG
Learning Resource Type Article
Publisher Date 2015-07-01
Publisher Place Taiwan
Rights Holder Institute of Electrical and Electronics Engineers, Inc. (IEEE)
e-ISBN 9781467365642
Size (in Bytes) 165.27 kB
Page Count 4
Starting Page 604
Ending Page 607


Source: IEEE Xplore Digital Library