Development of a String Injection Vulnerability Analyzer for Web Application Programs
(Korean title: Development of a String Insertion Security Vulnerability Analyzer for Web Application Programs)

Joon-Seon Ahn, Yeong-Min Kim, Jang-Wu Jo
2008, The KIPS Transactions: Part A
Nowadays, most web sites are built from dynamic web pages, where the pages are generated and transmitted by web application programs. As a result, the share of attacks that inject malicious strings into vulnerable web applications is increasing. In this paper, we present a static program analyzer that determines whether a web application program is vulnerable to SQL injection and cross-site scripting (XSS) attacks. To analyze programs within the abstract interpretation framework, we designed an abstract domain that models the set of potential strings together with excluded strings, and we developed an abstract interpreter for the PHP language. On top of these, we implemented a static analyzer. In our experiments, the analyzer's analysis speed and accuracy are competitive with related research results.
doi:10.3745/kipsta.2008.15-a.3.181 fatcat:w7ghay6lrfggbki26etgp7ubli
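As an added illustration (not the paper's code), the following Python sketch shows how a "potential strings plus excluded characters" abstraction can flag injection sinks during abstract interpretation of a small PHP-like fragment; it is a deliberate simplification in which finite string sets come only from literals, exclusions describe the untrusted part of a value, and `quote_filter` is a hypothetical sanitizer modeled as character deletion.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AbsStr:
    possible: Optional[frozenset]        # finite set of literal-derived strings, or None = any string
    excluded: frozenset = frozenset()    # characters known to be absent from the untrusted part

def const(s):                 # string literal in the program: trusted, fully known
    return AbsStr(frozenset({s}))
def user_input():             # e.g. $_GET['id']: attacker-controlled, any string
    return AbsStr(None)

def sanitize(v, chars):       # models a filter that deletes the given characters
    chars = frozenset(chars)
    if v.possible is None:
        return AbsStr(None, v.excluded | chars)
    return AbsStr(frozenset("".join(c for c in s if c not in chars) for s in v.possible))

def _merge(a, b, finite_op):
    if a.possible is not None and b.possible is not None:
        return AbsStr(finite_op(a.possible, b.possible))
    # At least one operand is untrusted; a character stays excluded only if every
    # untrusted operand excludes it (single-character exclusions survive concatenation).
    tops = [v.excluded for v in (a, b) if v.possible is None]
    return AbsStr(None, frozenset.intersection(*tops))

def concat(a, b):             # $a . $b
    return _merge(a, b, lambda x, y: frozenset(p + q for p in x for q in y))

def join(a, b):               # control-flow merge, e.g. after if/else
    return _merge(a, b, lambda x, y: x | y)

def may_inject(v, c):         # can the untrusted part deliver metacharacter c to a sink?
    return v.possible is None and c not in v.excluded

def analyze_sample():         # abstractly execute a constructed PHP-like fragment
    uid = user_input()                         # $id = $_GET['id'];
    safe = sanitize(uid, "'")                  # $safe = quote_filter($id);  (hypothetical filter)
    prefix = const("SELECT * FROM users WHERE id='")
    q_raw = concat(concat(prefix, uid), const("'"))     # mysql_query($prefix . $id . "'");
    q_safe = concat(concat(prefix, safe), const("'"))   # mysql_query($prefix . $safe . "'");
    mixed = join(safe, uid)                    # $v = $cond ? $safe : $id;
    q_mixed = concat(concat(prefix, mixed), const("'"))
    page = concat(const("<p>Hello "), safe)    # echo "<p>Hello " . $safe;
    return {
        "sqli_raw": may_inject(q_raw, "'"),     # True: a quote may reach the SQL sink
        "sqli_safe": may_inject(q_safe, "'"),   # False: quotes are excluded on every path
        "sqli_mixed": may_inject(q_mixed, "'"), # True: one branch is unfiltered
        "xss_page": may_inject(page, "<"),      # True: the quote filter says nothing about '<'
    }
```

Because exclusions are tracked only on the untrusted part, the quote inside the trusted SQL prefix does not produce a false alarm, while the unfiltered branch merged by `join` correctly reintroduces the warning.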