
arxiv: 1605.00358 · v2 · pith:NYVNPHRNnew · submitted 2016-05-02 · 💻 cs.CR

Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection (Extended Version)

keywords: formal, applications, approach, attacks, exploits, injection, sqli, tool

We present a formal approach that exploits attacks related to SQL Injection (SQLi) searching for security flaws in a web application. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and we show its efficiency on real-world case studies, including the discovery of an attack on Joomla! that no other tool can find.
