A Reusable SQL Injection Detection Method for Java Web Applications

Cited by: 1

Authors
He, Chengwan [1 ]
He, Yue [2 ]
Affiliations
[1] Wuhan Inst Technol, Sch Comp Sci & Engn, Wuhan 430205, Hubei, Peoples R China
[2] Wuhan Univ Technol, Sch Informat Engn, Wuhan 430000, Hubei, Peoples R China
Keywords
SQL injection attack; aspect-oriented programming; taint analysis; aspect library; metamodel;
DOI
10.3837/tiis.2020.06.014
CLC number
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
Most SQL injection detection methods are hard to use in practice mainly because their implementation code is difficult to reuse. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint analysis. The steps of the dynamic taint analysis are encapsulated in separate aspects, and an aspect library is established so that the code for detecting SQL injection attacks can be reused at a large granularity. A metamodel for the aspect library is proposed, and a management tool for the library is implemented. Experiments show that the method effectively detects seven known types of SQL injection attack: tautologies, logically incorrect queries, union queries, piggy-backed queries, stored procedures, inference queries and alternate encodings, while supporting large-grained reuse of the detection code.
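The abstract describes the shape of the approach (taint sources and SQL sinks intercepted by aspects) but not the paper's aspect library or its exact check. The following is an added illustration, not code from the paper: one AspectJ annotation-style class with a source advice that records every request parameter as tainted for the current thread, and a sink advice around java.sql.Statement.execute* that refuses the query if a tainted value is not confined to a single literal. The literal-confinement check is this example's own heuristic. Assumed: AspectJ weaving (aspectjrt on the classpath, load-time or compile-time weaver), the javax.servlet package name (jakarta.servlet on Jakarta EE 9+), and a servlet Filter, not shown, that calls clearTaint() at the end of each request. Real dynamic taint analysis propagates taint through string operations; this example approximates propagation by looking for the recorded values inside the final SQL text, which misses transformed input and can be noisy for very short values.

```java
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;

// Source aspect + sink aspect in one class. Assumes AspectJ weaving (aspectjrt) and
// a servlet Filter (not shown) that calls clearTaint() when each request finishes.
@Aspect
public class SqlInjectionTaintAspect {

    // Tainted values seen on the current request thread.
    private static final ThreadLocal<List<String>> TAINT =
            ThreadLocal.withInitial(ArrayList::new);

    public static void clearTaint() {
        TAINT.get().clear();
    }

    // SOURCE: user-controlled input read through the servlet API (javax.servlet assumed).
    // The '+' matches subtypes such as HttpServletRequest.
    @AfterReturning(
        pointcut = "call(String javax.servlet.ServletRequest+.getParameter(String))",
        returning = "value")
    public void recordTaint(String value) {
        if (value != null && !value.isEmpty()) {
            TAINT.get().add(value);
        }
    }

    // SINK: query text passed to Statement.execute / executeQuery / executeUpdate.
    @Around("call(* java.sql.Statement+.execute*(String, ..)) && args(sql, ..)")
    public Object checkSink(ProceedingJoinPoint pjp, String sql) throws Throwable {
        for (String tainted : TAINT.get()) {
            if (!confinedToLiteral(sql, tainted)) {
                throw new SQLException("SQL injection blocked at " + pjp.getSourceLocation()
                        + ": tainted input \"" + tainted + "\" alters query structure");
            }
        }
        return pjp.proceed();
    }

    // Every occurrence of tainted in sql must sit wholly inside one '...' literal
    // without closing it, or be a complete, delimited numeric literal. An occurrence
    // that is only a fragment of a longer word the developer wrote ("user" inside
    // "users") is ignored. Anything else (a quote ending the literal, a comment
    // marker, an OR clause, a second statement) changes the query's structure.
    static boolean confinedToLiteral(String sql, String tainted) {
        int idx = sql.indexOf(tainted);
        while (idx >= 0) {
            int end = idx + tainted.length();
            if (!isWordFragment(sql, idx, end)
                    && !insideOneStringLiteral(sql, idx, end)
                    && !isNumericLiteral(sql, idx, end)) {
                return false;
            }
            idx = sql.indexOf(tainted, idx + 1);
        }
        return true;
    }

    private static boolean isWordChar(char c) {
        return Character.isLetterOrDigit(c) || c == '_';
    }

    // Span is all word characters and joins a word character on at least one side.
    private static boolean isWordFragment(String sql, int start, int end) {
        for (int i = start; i < end; i++) {
            if (!isWordChar(sql.charAt(i))) return false;
        }
        return (start > 0 && isWordChar(sql.charAt(start - 1)))
                || (end < sql.length() && isWordChar(sql.charAt(end)));
    }

    // Quote state before the span must be "inside a literal"; within the span the
    // only permitted quote is the SQL escape '' (both halves inside the span).
    private static boolean insideOneStringLiteral(String sql, int start, int end) {
        boolean inString = false;
        for (int i = 0; i < start; i++) {
            if (sql.charAt(i) == '\'') inString = !inString;
        }
        if (!inString) return false;
        for (int i = start; i < end; i++) {
            if (sql.charAt(i) == '\'') {
                if (i + 1 < end && sql.charAt(i + 1) == '\'') { i++; continue; }
                return false;
            }
        }
        return true;
    }

    private static boolean isNumericLiteral(String sql, int start, int end) {
        return sql.substring(start, end).matches("-?\\d+(\\.\\d+)?")
                && (start == 0 || !isWordChar(sql.charAt(start - 1)))
                && (end == sql.length() || !isWordChar(sql.charAt(end)));
    }

    // Constructed inputs exercising the sink check without a container or database.
    public static void main(String[] args) {
        String q = "SELECT * FROM users WHERE name = '%s' AND age > %s";
        String[][] cases = {
            {"benign literal",        String.format(q, "bob", "30"), "bob"},
            {"escaped quote (O''Brien)", String.format(q, "O''Brien", "30"), "O'Brien"},
            {"tautology",             String.format(q, "x' OR '1'='1", "30"), "x' OR '1'='1"},
            {"numeric tautology",     String.format(q, "bob", "0 OR 1=1"), "0 OR 1=1"},
            {"piggy-backed query",    String.format(q, "bob", "1; DROP TABLE users--"), "1; DROP TABLE users--"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " -> allowed: " + confinedToLiteral(c[1], c[2]));
        }
    }
}
```

The escaped-quote case shows why matching on the raw tainted value is the right choice: input the application correctly escaped before concatenation no longer appears verbatim in the query and is not flagged, while input that terminates the literal or lands outside any literal is refused before the driver sees it. Applications that use PreparedStatement with bind parameters never reach this sink with user data in the query text, so the aspect adds no overhead to already-safe code.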
Pages: 2576 / 2590
Page count: 15