Detecting SOQL-Injection Vulnerabilities in SalesForce Applications

Authors
Saxena, Amitabh
Sengupta, Shubhashis
Duraisamy, Pradeepkumar
Kaulgud, Vikrant
Chakraborty, Amit
DOI: not listed
CLC number: TP [Automation technology, computer technology];
Subject classification code: 0812;
Abstract
The two most common web attacks used by attackers to steal data are SQL injection and cross-site scripting (XSS). Both are examples of taint vulnerabilities, in which maliciously crafted code (for example, a SQL query) is injected into a web application by embedding it inside innocuous-looking user input. We present the design of TRAP (Taint Removal and Analysis Platform), a static data-flow analysis tool that detects SOQL-injection problems in SalesForce applications. TRAP is designed to be language independent: it performs its analysis on an XML intermediate language called STAC (STatic Analysis Code), and source languages are supported by compiling them to STAC. Currently, we have implemented STAC compilers for Apex and Java.
Pages: 489 / 493
Page count: 5