
    Preventing SQL Injection through Automatic Query Sanitization with ASSIST

    Web applications are becoming an essential part of our everyday lives, and many of our activities depend on their functionality and security. As these applications grow in scale, injection vulnerabilities such as SQL injection are among the major security challenges developers face today. This paper presents automatic query sanitization, a technique for removing SQL injection vulnerabilities from code without manual rewriting. The technique combines static analysis, which locates the queries that are built from untrusted input, with program transformation, which instruments the web application with sanitization code at those points. We have implemented it in a tool named ASSIST (Automatic and Static SQL Injection Sanitization Tool) for protecting Java-based web applications. Our experimental evaluation showed that the technique is effective against SQL injection vulnerabilities and has a low overhead. (In Proceedings TAV-WEB 2010, arXiv:1009.330)
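    The abstract describes two pieces: a tainted sink (a query assembled by string concatenation from user input) and the sanitization code a transformation tool inserts around it. The following is an added example written for this page, not ASSIST's code and not Java: it shows the vulnerable query, the same query with an inserted string-literal sanitizer, and the parameter-binding alternative, all against a constructed in-memory SQLite table. The table, rows and the payload string are constructed for the example.

```python
"""Added example (not ASSIST's code): a string-built query, the same query
wrapped in a string-literal sanitizer, and the parameterized form.
The schema, rows and payload are constructed for this illustration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: two accounts, only one owned by "alice".
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 250)])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    # Untrusted input concatenated straight into the SQL text: the tainted
    # sink pattern a static analysis would flag.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def sanitize_string_literal(value: str) -> str:
    # Sanitizer of the kind an instrumenting tool inserts where a tainted
    # value flows into a single-quoted SQL string literal: doubling every
    # quote keeps the literal from being closed early, and NUL bytes are
    # dropped because some drivers treat them as a terminator.
    # Only correct for the '...' context; numeric or identifier positions
    # need a different check (e.g. int() conversion or an allow-list).
    return value.replace("\x00", "").replace("'", "''")


def lookup_sanitized(conn: sqlite3.Connection, owner: str) -> list:
    # Same query shape as the vulnerable version, with the sanitizer
    # applied to the tainted value at the sink.
    sql = ("SELECT owner, balance FROM accounts WHERE owner = '"
           + sanitize_string_literal(owner) + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, owner: str) -> list:
    # Bind parameters: the value never becomes part of the SQL text, so the
    # query structure is fixed no matter what the input contains.
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


# Constructed injection payload: closes the literal, then ORs in a tautology.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, PAYLOAD))     # both rows leak
    print(lookup_sanitized(db, PAYLOAD))      # []
    print(lookup_parameterized(db, PAYLOAD))  # []
```

    The sanitizer is what makes automatic instrumentation possible without changing the query's structure, but it is context-specific: the quote-doubling above is only meaningful inside a string literal, which is why a tool has to know which syntactic position each tainted value reaches. Where the code base can be changed by hand, parameter binding removes the problem class rather than patching each sink.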

    Testing web database applications

    Commercial, scientific, and social activities increasingly depend on Web database applications, and new testing techniques are needed that handle the unique features of these systems. To that end, we have extended AGENDA, a tool set for testing relational database applications, to test web database applications. Application source code is analyzed to extract information about the URLs and their parameters. This information is used to construct and simplify a graph in which nodes represent URLs and edges represent links between URLs. A set of paths through the graph is selected and test cases are generated for each path. The extracted information about the parameters to each URL (e.g., values that an application user would enter into a form) guides AGENDA in generating inputs for the URLs. The URLs on a path and their inputs are stored in an XML file, which is then executed automatically. The current implementation targets web applications written as Java Servlets and uses an algorithm based on cyclomatic complexity to generate paths. A preliminary empirical evaluation based on the TPC-W benchmark is presented.

    Testing database transaction consistency

    AGENDA is a tool set for testing relational database applications. In this paper we extend AGENDA to test transaction consistency. Two levels of checks are used, covering both the database state and the state transition. The transition check validates the state transition performed by the transaction. The state check validates that the overall global consistency properties hold for the new database state. Our tool set can handle general SQL assertions that are defined in the SQL standard but are not supported by current DBMSs, such as constraints involving multiple tables and SQL aggregate functions. A test generation heuristic that takes account of certain constraints is also presented. A case study based on the TPC-C benchmark shows promising results.
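    The two levels of checks are concrete enough to demonstrate. The following added example, written for this page and not AGENDA's code, runs a TPC-C-style Payment transaction against a constructed in-memory SQLite schema and applies both checks: a transition check that compares before and after snapshots of the rows the transaction touched, and a state check that evaluates a multi-table, aggregate SQL assertion (a warehouse's W_YTD must equal the sum of its districts' D_YTD, which is TPC-C consistency condition 1) as a query, since the DBMS cannot enforce it as a declared assertion. The schema, rows, amounts and the deliberately buggy variant of the transaction are constructed.

```python
"""Added example (not AGENDA's code): transition check and state check around
a TPC-C style Payment transaction. Schema, rows and amounts are constructed;
the invariant W_YTD = SUM(D_YTD) is TPC-C consistency condition 1."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed data: one warehouse with two districts; W_YTD already
    # equals the sum of D_YTD, so the initial state is consistent.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE warehouse (w_id INTEGER PRIMARY KEY, w_ytd REAL)")
    conn.execute("CREATE TABLE district (d_id INTEGER, d_w_id INTEGER, "
                 "d_ytd REAL, PRIMARY KEY (d_w_id, d_id))")
    conn.execute("INSERT INTO warehouse VALUES (1, 300.0)")
    conn.executemany("INSERT INTO district VALUES (?, 1, ?)",
                     [(1, 100.0), (2, 200.0)])
    return conn


def snapshot(conn):
    # Rows the transition check will compare: warehouse and district totals.
    w = dict(conn.execute("SELECT w_id, w_ytd FROM warehouse"))
    d = {(r[0], r[1]): r[2] for r in
         conn.execute("SELECT d_w_id, d_id, d_ytd FROM district")}
    return w, d


def payment(conn, w_id, d_id, amount, buggy=False):
    # Payment adds the amount to the district's and the warehouse's
    # year-to-date totals. The buggy variant (constructed for the example)
    # forgets the warehouse update: each row it writes looks fine on its
    # own, but the multi-table invariant is broken.
    with conn:
        conn.execute("UPDATE district SET d_ytd = d_ytd + ? "
                     "WHERE d_w_id = ? AND d_id = ?", (amount, w_id, d_id))
        if not buggy:
            conn.execute("UPDATE warehouse SET w_ytd = w_ytd + ? "
                         "WHERE w_id = ?", (amount, w_id))


def transition_check(before, after, w_id, d_id, amount, eps=1e-9) -> bool:
    # Validates the state transition performed by this transaction: the
    # touched rows changed by exactly the amount, nothing else changed.
    wb, db_ = before
    wa, da = after
    return (abs(wa[w_id] - wb[w_id] - amount) < eps
            and abs(da[(w_id, d_id)] - db_[(w_id, d_id)] - amount) < eps
            and all(wa[k] == wb[k] for k in wb if k != w_id)
            and all(da[k] == db_[k] for k in db_ if k != (w_id, d_id)))


# Multi-table aggregate assertion (SQL standard CREATE ASSERTION semantics)
# that current DBMSs will not accept declaratively, so it is evaluated as a
# query after commit. Counts warehouses that violate W_YTD = SUM(D_YTD).
STATE_ASSERTION = """
SELECT COUNT(*) FROM warehouse w
WHERE ABS(w.w_ytd - (SELECT SUM(d.d_ytd) FROM district d
                     WHERE d.d_w_id = w.w_id)) > 1e-6
"""


def state_check(conn) -> bool:
    # Global consistency holds when no warehouse violates the assertion.
    return conn.execute(STATE_ASSERTION).fetchone()[0] == 0


def run(buggy: bool):
    # Returns (transition_ok, state_ok) for one Payment of 50.0 to district 2.
    conn = make_db()
    before = snapshot(conn)
    payment(conn, 1, 2, 50.0, buggy=buggy)
    after = snapshot(conn)
    return transition_check(before, after, 1, 2, 50.0), state_check(conn)


if __name__ == "__main__":
    print("correct transaction:", run(False))  # (True, True)
    print("buggy transaction:  ", run(True))   # (False, False)
```

    The two checks fail for different reasons and catch different bugs: the transition check needs to know what this transaction was supposed to do and sees the missing warehouse update directly, while the state check knows nothing about the transaction and would equally catch a wrong amount written to a district by some other code path. Running the assertion as a query after each transaction is the workaround for DBMSs that reject multi-table or aggregate assertions.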