A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2011; you can also visit the original URL.
The file type is application/pdf.
Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking
2008
USENIX Security Symposium
Cross-site scripting (XSS) and SQL injection errors are two prominent examples of taint-based vulnerabilities that have been responsible for a large number of security breaches in recent years. This paper presents QED, a goal-directed model-checking system that automatically generates attacks exploiting taint-based vulnerabilities in large Java web applications. This is the first time where model checking has been used successfully on real-life Java programs to create attack sequences that
dblp:conf/uss/MartinL08
fatcat:y7r55pntprbrthz4syz6ym2uoi