Visible to the public Formulation of SQL Injection Vulnerability Detection as Grammar Reachability Problem

TitleFormulation of SQL Injection Vulnerability Detection as Grammar Reachability Problem
Publication TypeConference Paper
Year of Publication2018
AuthorsUmar, K., Sultan, A. B., Zulzalil, H., Admodisastro, N., Abdullah, M. T.
Conference Name2018 International Conference on Information and Communication Technology for the Muslim World (ICT4M)
Date Publishedjul
ISBN Number978-1-5386-7525-0
KeywordsAccess Control, compositionality, cross-site scripting, flow graphs, Grammar, Human Behavior, Metrics, Production, pubcrawl, reachability analysis, Resiliency, SQL Injection, static analysis, vulnerabilities detection, vulnerability detection, Web application

Data dependency flow have been reformulated as Context Free Grammar (CFG) reachability problem, and the idea was explored in detection of some web vulnerabilities, particularly Cross Site Scripting (XSS) and Access Control. However, reformulation of SQL Injection Vulnerability (SQLIV) detection as grammar reachability problem has not been investigated. In this paper, concepts of data dependency flow was used to reformulate SQLIVs detection as a CFG reachability problem. The paper, consequently defines reachability analysis strategy for SQLIVs detection.

Citation Keyumar_formulation_2018