Securing native XML database-driven web applications from XQuery injection vulnerabilities
详细信息 查看全文
- 作者:Nushafreen Palsetia nushafreen@gmail.com" class="auth_mail" title="E-mail the corresponding authorAuthor Vitae ; G. Deepa ; gdeepabalu@gmail.com" class="auth_mail" title="E-mail the corresponding authorAuthor Vitae ; Furqan Ahmed Khan furqankhan08@gmail.com" class="auth_mail" title="E-mail the corresponding authorAuthor Vitae ; P. Santhi Thilagam santhi@nitk.ac.in" class="auth_mail" title="E-mail the corresponding authorAuthor Vitae ; Alwyn R. Pais alwyn@nitk.ac.in" class="auth_mail" title="E-mail the corresponding authorAuthor Vitae
- 关键词:Web application security ; Vulnerability scanner ; Injection attacks ; Fuzz testing ; XML injection ; XPath injection
- 刊名:Journal of Systems and Software
- 出版年:2016
- 出版时间:December 2016
- 年:2016
- 卷:122
- 期:Complete
- 页码:93-109
- 全文大小:1037 K
文摘
- •
Detects XQuery injection vulnerabilities in web applications using native XML DBs.
- •
Implements a prototype system “XQueryFuzzer” based on the proposed approach.
- •
Demonstrates the effectiveness of the prototype on benchmark web applications.
- •
Three types of XQuery injection attacks unlisted in OWASP are identified.