Formulation of SQL Injection Vulnerability Detection as Grammar Reachability Problem
Title | Formulation of SQL Injection Vulnerability Detection as Grammar Reachability Problem |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Umar, K., Sultan, A. B., Zulzalil, H., Admodisastro, N., Abdullah, M. T. |
Conference Name | 2018 International Conference on Information and Communication Technology for the Muslim World (ICT4M) |
Date Published | July |
ISBN Number | 978-1-5386-7525-0 |
Keywords | Access Control, compositionality, cross-site scripting, flow graphs, Grammar, Human Behavior, Metrics, Production, pubcrawl, reachability analysis, Resiliency, SQL Injection, static analysis, vulnerabilities detection, vulnerability detection, Web application |
Abstract | Data dependency flow has been reformulated as a Context Free Grammar (CFG) reachability problem, and the idea was explored in the detection of some web vulnerabilities, particularly Cross Site Scripting (XSS) and Access Control. However, reformulation of SQL Injection Vulnerability (SQLIV) detection as a grammar reachability problem has not been investigated. In this paper, concepts of data dependency flow were used to reformulate SQLIV detection as a CFG reachability problem. The paper consequently defines a reachability analysis strategy for SQLIV detection. |
URL | https://ieeexplore.ieee.org/document/8567117 |
DOI | 10.1109/ICT4M.2018.00041 |
Citation Key | umar_formulation_2018 |