Detecting SOQL-Injection Vulnerabilities in SalesForce Applications

Cited by: 0
Authors
Saxena, Amitabh
Sengupta, Shubhashis
Duraisamy, Pradeepkumar
Kaulgud, Vikrant
Chakraborty, Amit
Institutions
Keywords
DOI
None available
CLC classification number
TP [Automation technology, computer technology];
Discipline classification number
0812 ;
Abstract
The two most common web attacks used by hackers to steal data are SQL injection and cross-site scripting (XSS). These are examples of taint vulnerabilities, in which maliciously crafted code (for example, a SQL query) is injected into a web application by embedding it inside innocuous-looking user inputs. We present the design of TRAP (Taint Removal and Analysis Platform), a static data-flow analysis tool for detecting SOQL-injection problems in SalesForce applications. TRAP is designed to be language independent: it uses an XML intermediate language called STAC (STatic Analysis Code), on which the analysis is performed. Currently, we have implemented STAC compilers for Apex and Java.
Pages: 489 / 493
Page count: 5