Towards Secure SPARQL Queries in Semantic Web Applications using PHP (Extended Version)
Fatmah Bamashmoos, Ian Holyer, Theo Tryfonas, Przemyslaw Woznowski

TL;DR
This paper investigates security vulnerabilities in PHP-based Semantic Web applications, focusing on SPARQL injection attacks and their impact on data confidentiality, integrity, and availability, providing recommendations for developers.
Contribution
It assesses the impact of SPARQL injection attacks on PHP Semantic Web applications and offers security guidelines for developers to mitigate these vulnerabilities.
Findings
SPARQL injections can breach confidentiality, integrity, and availability.
PHP Semantic Web applications are vulnerable to known injection attacks.
Security practices should be integrated early in development.
Abstract
The Semantic Web (SW) is a significant advancement in the field of Internet technologies and an uncharted territory as far as security is concerned. In this paper we investigate and assess the impact of known attacks of SPARQL/SPARUL injections on Semantic Web applications developed in PHP. We highlight future challenges of developing robust Semantic Web applications using PHP. Our results demonstrate and quantify impacts on Confidentiality, Integrity and Availability (CIA) breaches of data in Semantic Web applications. Our recommendations are targeted to PHP developers, to encourage them to integrate security as early in their design and coding practice as possible.
Taxonomy
Topics: Web Application Security Vulnerabilities · Security and Verification in Computing · Access Control and Trust
