Quote: precise, sound, efficient analysis for SQL injection; tracks user input non-terminals of a context-free grammar for string variables; tested with PHP

Quotation Skeleton

In this paper, we address these limitations [of static analysis] by proposing a precise, sound, and fully automated analysis technique … for which user input changes the intended syntactic … a string variable may assume with a context … transducers. We have implemented the proposed technique for … Our tool successfully discovered previous unknown and sometimes … (with approx. 100K loc).   Google-1   Google-2

Copyright clearance needed for quotation.

Additional Titles

Quote: an SQL injection attack changes the intended syntactic structure of generated queries

Related Topics

Topic: security leaks and weaknesses (67 items)
Topic: database security (12 items)