Automated Fix Generator for SQL Injection Attacks

Fred Dysart, Mark Sherriff
2008 2008 19th International Symposium on Software Reliability Engineering (ISSRE)  
A critical problem facing today's internet community is the increasing number of attacks exploiting flaws found in Web applications. This paper specifically targets input validation vulnerabilities found in SQL queries that may lead to SQL Injection Attacks (SQLIAs). We introduce a tool that automatically detects and suggests fixes to SQL queries that are found to contain SQL Injection Vulnerabilities (SQLIVs). Testing was performed against phpBB v2.0, an open source forum package, to determine
more » ... ckage, to determine the accuracy and efficacy of our software.
doi:10.1109/issre.2008.44 dblp:conf/issre/DysartS08 fatcat:2jui2prjlzcjrgvusnqbvqqooy