Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection (Extended Version)
Abstract
We present a formal approach that exploits SQL Injection (SQLi) attacks to search for security flaws in a web application. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and show its efficiency on real-world case studies, including the discovery of an attack on Joomla! that no other tool can find.
- Publication: arXiv e-prints
- Pub Date: May 2016
- DOI: 10.48550/arXiv.1605.00358
- arXiv: arXiv:1605.00358
- Bibcode: 2016arXiv160500358D
- Keywords: Computer Science - Cryptography and Security