A Static Analysis Framework For Detecting SQL Injection Vulnerabilities

Author(s):  
Xiang Fu ◽  
Xin Lu ◽  
Boris Peltsverger ◽  
Shijun Chen ◽  
Kai Qian ◽  
...  

SQL injection vulnerabilities have been predominant in database-driven web applications for almost a decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end databases by altering the original SQL statements through manipulated user input. Testing web applications to identify SQL injection vulnerabilities before deployment is essential to eliminate them. However, checking for such vulnerabilities by hand is tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools for automatically identifying the root cause of SQL injection vulnerabilities in web application source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.


Author(s):  
Quentin Stiévenart ◽  
Jens Nicolay ◽  
Wolfgang De Meuter ◽  
Coen De Roover

Author(s):  
Omer Anil Turkkan ◽  
Hai-Jun Su

Although many dynamic solvers are available for planar mechanisms, there is no readily accessible static solver for analysing planar mechanisms with elastic components, which achieve motion through deformation of their elastic members. New simulation tools are necessary to better understand compliant mechanisms and to increase their usage in daily life. This framework was developed to fill this gap in planar mechanism design and analysis. The framework was written in MATLAB and is capable of kinematic and static analysis of planar mechanisms with compliant joints or links. Detailed information on the implementation of the code is presented, followed by the capabilities of the framework. Finally, the simulation results were compared with the Adams software to test the validity of the framework.


Author(s):  
Manuel Peralta ◽  
Supratik Mukhopadhyay

This article presents a novel program analysis framework based on Lewis' theory of counterfactuals. Using this framework, we are able to perform change-impact static analysis on a program's source code. In other words, we are able to prove the properties induced by changes to a given program before applying those changes. Our contribution is two-fold: we show how to use Lewis' logic of counterfactuals to prove that proposed changes to a program preserve its correctness, and we report the development of an automated tool based on resolution and theorem proving for performing code change-impact analysis.

