Paper Abstract and Keywords |
Presentation |
2010-12-14 17:00
An Injection Vulnerability Analysis of Web Applications using String-Taint Analysis Tatsunori Houan, Kazuya Onai, Seikoh Nishita (Takushoku Univ.) SS2010-45 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
String analysis is a static analysis of dynamically generated
strings in a target program. This paper presents a method to modify finite
state automata generated by the string analysis in order to weave taint
information for untrusted input strings. Then, this paper proposes an
string-taint analysis as an improvement of the string analysis to support
the extended automata. In addition, this paper presents an application of
the string-taint analysis to an analysis of injection vulnerability in web
applications. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
String analysis / taint information / finite state automata / SQL injection vulnerability / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 110, no. 336, SS2010-45, pp. 37-42, Dec. 2010. |
Paper # |
SS2010-45 |
Date of Issue |
2010-12-07 (SS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
SS2010-45 |
Conference Information |
Committee |
SS |
Conference Date |
2010-12-14 - 2010-12-15 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Ikaho-Onsen Hotel Tenbo |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
General |
Paper Information |
Registration To |
SS |
Conference Code |
2010-12-SS |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
An Injection Vulnerability Analysis of Web Applications using String-Taint Analysis |
Sub Title (in English) |
|
Keyword(1) |
String analysis |
Keyword(2) |
taint information |
Keyword(3) |
finite state automata |
Keyword(4) |
SQL injection vulnerability |
Keyword(5) |
|
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Tatsunori Houan |
1st Author's Affiliation |
Takushoku University (Takushoku Univ.) |
2nd Author's Name |
Kazuya Onai |
2nd Author's Affiliation |
Takushoku University (Takushoku Univ.) |
3rd Author's Name |
Seikoh Nishita |
3rd Author's Affiliation |
Takushoku University (Takushoku Univ.) |
4th Author's Name |
|
4th Author's Affiliation |
() |
5th Author's Name |
|
5th Author's Affiliation |
() |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2010-12-14 17:00:00 |
Presentation Time |
30 minutes |
Registration for |
SS |
Paper # |
SS2010-45 |
Volume (vol) |
vol.110 |
Number (no) |
no.336 |
Page |
pp.37-42 |
#Pages |
6 |
Date of Issue |
2010-12-07 (SS) |