• 제목/요약/키워드: Taint inference

검색결과 2건 처리시간 0.017초

Taint Inference for Cross-Site Scripting in Context of URL Rewriting and HTML Sanitization

  • Pan, Jinkun;Mao, Xiaoguang;Li, Weishi
    • ETRI Journal
    • /
    • 제38권2호
    • /
    • pp.376-386
    • /
    • 2016
  • Currently, web applications are gaining in prevalence. In a web application, an input may not be appropriately validated, making the web application susceptible to cross-site scripting (XSS), which poses serious security problems for Internet users and websites to whom such trusted web pages belong. A taint inference is a type of information flow analysis technique that is useful in detecting XSS on the client side. However, in existing techniques, two current practical issues have yet to be handled properly. One is URL rewriting, which transforms a standard URL into a clearer and more manageable form. Another is HTML sanitization, which filters an input against blacklists or whitelists of HTML tags or attributes. In this paper, we make an analogy between the taint inference problem and the molecule sequence alignment problem in bioinformatics, and transfer two techniques related to the latter over to the former to solve the aforementioned yet-to-be-handled-properly practical issues. In particular, in our method, URL rewriting is addressed using local sequence alignment and HTML sanitization is modeled by introducing a removal gap penalty. Empirical results demonstrate the effectiveness and efficiency of our method.

A Reusable SQL Injection Detection Method for Java Web Applications

  • He, Chengwan;He, Yue
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제14권6호
    • /
    • pp.2576-2590
    • /
    • 2020
  • The fundamental reason why most SQL injection detection methods are difficult to use in practice is the low reusability of the implementation code. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint analysis, which encapsulates the dynamic taint analysis processes into different aspects and establishes aspect library to realize the large-grained reuse of the code for detecting SQL injection attacks. A metamodel of aspect library is proposed, and a management tool for the aspect library is implemented. Experiments show that this method can effectively detect 7 known types of SQL injection attack such as tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, alternate encodings and so on, and support the large-grained reuse of the code for detecting SQL injection attacks.