A Reusable SQL Injection Detection Method for Java Web Applications

Cited by: 1
Authors
He, Chengwan [1 ]
He, Yue [2 ]
Affiliations
[1] Wuhan Inst Technol, Sch Comp Sci & Engn, Wuhan 430205, Hubei, Peoples R China
[2] Wuhan Univ Technol, Sch Informat Engn, Wuhan 430000, Hubei, Peoples R China
Keywords
SQL injection attack; aspect-oriented programming; taint analysis; aspect library; metamodel;
DOI
10.3837/tiis.2020.06.014
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812 ;
Abstract
The fundamental reason why most SQL injection detection methods are difficult to use in practice is the low reusability of the implementation code. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint analysis, which encapsulates the dynamic taint analysis processes into different aspects and establishes an aspect library to realize large-grained reuse of the code for detecting SQL injection attacks. A metamodel of the aspect library is proposed, and a management tool for the aspect library is implemented. Experiments show that this method can effectively detect 7 known types of SQL injection attack such as tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, alternate encodings and so on, and support the large-grained reuse of the code for detecting SQL injection attacks.
Pages: 2576 - 2590
Page count: 15
Related papers
50 in total
  • [1] Static detection of logic vulnerabilities in Java web applications
    Fang, Zhejun
    Zhang, Yuqing
    Kong, Ying
    Liu, Qixu
    SECURITY AND COMMUNICATION NETWORKS, 2014, 7 (03) : 519 - 531
  • [2] Web applications as Java servlets
    Cox, B
    DR DOBBS JOURNAL, 2001, 26 (05) : 97 - +
  • [3] Modular Java Web Applications
    Kaegi, Simon Richard
    Deugo, Dwight
    APPLIED COMPUTING 2008, VOLS 1-3, 2008, : 688 - +
  • [4] Web page caching in Java Web applications
    Turner, DA
    ITCC 2005: International Conference on Information Technology: Coding and Computing, Vol 2, 2005, : 805 - 808
  • [5] Extending Java web applications for Semantic Web
    Rovan, Lidia
    Nizetic, Ivana
    PROCEEDINGS OF THE ITI 2008 30TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY INTERFACES, 2008, : 289 - 294
  • [6] JSEFuzz: Vulnerability Detection Method for Java Web Application
    Man, Hongpeng
    An, Jing
    Huang, Wei
    Fan, Wenqing
    2018 3RD INTERNATIONAL CONFERENCE ON SYSTEM RELIABILITY AND SAFETY (ICSRS), 2018, : 92 - 96
  • [7] Develop web applications with XML and Java
    Hill, T
    Liu, JB
    COMPUTERS AND THEIR APPLICATIONS, 2003, : 434 - 437
  • [8] Input Injection Detection in Java Code
    Pasaribu, Edward Samuel
    Asnar, Yudistira
    Liem, M. M. Inggriani
    2014 International Conference on Data and Software Engineering (ICODSE), 2014,
  • [9] JavaContexts: A Java based programming language for the development of highly reusable software applications
    Wieczerzycki, W
    SERP '05: Proceedings of the 2005 International Conference on Software Engineering Research and Practice, Vols 1 and 2, 2005, : 497 - 503
  • [10] Implementation of techniques, standards and safety recommendations to prevent XSS and SQL injection attacks in Java EE RESTful applications
    Guaman, Daniel
    Guaman, Franco
    Jaramillo, Danilo
    Correa, Roddy
    NEW ADVANCES IN INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 1, 2016, 444 : 691 - 706