We present a formal approach for the analysis of attacks that exploit SQLi to violate security properties of web applications. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and we show its efficiency on four real-world case studies, including the discovery of an attack on Joomla! that no other tool can find.
CITATION STYLE
De Meo, F., Rocchetto, M., & Viganò, L. (2016). Formal analysis of vulnerabilities of web applications based on SQL injection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9871 LNCS, pp. 179–195). Springer Verlag. https://doi.org/10.1007/978-3-319-46598-2_13