Development of a String Injection Vulnerability Analyzer for Web Application Programs 


Vol. 15,  No. 3, pp. 181-188, Jun.  2008
10.3745/KIPSTA.2008.15.3.181


  Abstract

Nowadays, most web sites are developed using dynamic web pages, where pages are generated and transmitted by web application programs. As a result, the proportion of attacks that inject malicious strings into vulnerable web applications is increasing. In this paper, we present a static program analyzer that determines whether a web application program is vulnerable to SQL injection and cross-site scripting (XSS) attacks. To analyze programs within the abstract interpretation framework, we designed an abstract domain that models the set of potential strings along with excluded strings, and developed an abstract interpreter for the PHP language. Based on these, we implemented a static analyzer. According to our experiments, our analyzer has competitive analysis speed and accuracy compared with related research results.


  Cite this article

[IEEE Style]

J. S. Ahn, Y. M. Kim, J. W. Jo, "Development of a String Injection Vulnerability Analyzer for Web Application Programs," The KIPS Transactions:PartA, vol. 15, no. 3, pp. 181-188, 2008. DOI: 10.3745/KIPSTA.2008.15.3.181.

[ACM Style]

Joon Seon Ahn, Yeong Min Kim, and Jang Wu Jo. 2008. Development of a String Injection Vulnerability Analyzer for Web Application Programs. The KIPS Transactions:PartA, 15, 3, (2008), 181-188. DOI: 10.3745/KIPSTA.2008.15.3.181.