Detecting SOQL-Injection Vulnerabilities in SalesForce Applications

Cited by: 0
Authors
Saxena, Amitabh
Sengupta, Shubhashis
Duraisamy, Pradeepkumar
Kaulgud, Vikrant
Chakraborty, Amit
DOI
None
CLC number
TP [Automation technology, computer technology];
Subject classification number
0812 ;
Abstract
The two most common web attacks used by hackers to steal data are SQL injection and cross-site scripting (XSS). These are examples of taint vulnerabilities, where maliciously crafted code (for example, a SQL query) is injected into a web application by embedding it inside innocuous-looking user inputs. We present the design of TRAP (Taint Removal and Analysis Platform), a static data-flow analysis tool to detect SOQL-injection problems in SalesForce applications. TRAP is designed to be language independent: it uses an XML intermediate language called STAC (STatic Analysis Code), on which the analysis is done. Currently, we have implemented STAC compilers for Apex and Java.
Pages: 489 / 493
Page count: 5