Detects XQuery injection vulnerabilities in web applications using native XML databases.
Implements a prototype system “XQueryFuzzer” based on the proposed approach.
Demonstrates the effectiveness of the prototype on benchmark web applications.
Three types of XQuery injection attacks unlisted in OWASP are identified.