Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection

De Meo, Federico; Viganò, Luca
2016-01-01

Abstract

We present a formal approach for the analysis of attacks that exploit SQL injection (SQLi) to violate security properties of web applications. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and we show its efficiency on four real-world case studies, including the discovery of an attack on Joomla! that no other tool can find.
Year: 2016
ISBN: 978-3-319-46597-5
Keywords: Formal analysis, Formal approach, Formal representations, Security properties, SQL injection, Web application
Files for this item:

DeMeoRocchettoVigano.pdf (not available)

Type: Publisher's version
Licence: Restricted access
Size: 262.21 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11562/963105
Citations
  • Scopus: 5