Abstract
Most kinds of security vulnerabilities in web applications can be fixed by adding appropriate sanitization methods. Finding the correct place for the sanitizers can be difficult due to complicated data and control flow. Fixing SQL injection vulnerabilities may require more complex transformations, such as replacing uses of Statement by PreparedStatement, which could include some code motion.We have developed algorithms to place sanitizers correctly, as well as to transform Statement to PreparedStatement. These have been implemented as quick fixes in an Eclipse plugin that works together with a commercial tool that discovers security vulnerabilities in web applications.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.