Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection (Extended Version)
Federico De Meo, Marco Rocchetto, Luca Viganò

TL;DR
This paper introduces a formal method and a prototype tool, SQLfast, to identify SQL Injection vulnerabilities in web applications, demonstrating effectiveness on real-world cases including previously undetected attacks.
Contribution
It provides a formal framework for analyzing SQLi vulnerabilities and a novel tool that outperforms existing solutions in detecting security flaws.
Findings
Successfully identified new SQLi attack on Joomla!
Demonstrated efficiency of SQLfast on real-world applications
Formalization effectively exploits SQLi vulnerabilities
Abstract
We present a formal approach that exploits attacks related to SQL Injection (SQLi) searching for security flaws in a web application. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and we show its efficiency on real-world case studies, including the discovery of an attack on Joomla! that no other tool can find.
Taxonomy
Topics: Web Application Security Vulnerabilities · Security and Verification in Computing · Cloud Data Security Solutions
