Securing native XML database-driven web applications from XQuery injection vulnerabilities
Authors: Nushafreen Palsetia, G. Deepa, Furqan Ahmed Khan, P. Santhi Thilagam, Alwyn R. Pais
Affiliation: Department of Computer Science and Engineering, National Institute of Technology Karnataka, Mangalore, India
Journal: The Journal of Systems & Software, 2016, Vol. 122, pp. 93-109
DOI: 10.1016/j.jss.2016.08.094
Keywords: Web application security; Vulnerability scanner; Injection attacks; Fuzz testing; XML injection; XPath injection
Original-language abstract: Database-driven web applications today are XML-based as they handle highly diverse information and favor integration of data with other applications. Web applications have become the most popular way to deliver essential services to customers, and the increasing dependency of individuals on web applications makes them an attractive target for adversaries. The adversaries exploit vulnerabilities in the database-driven applications to craft injection attacks which include SQL, XQuery and XPath injections. A large amount of work has been done on identification of SQL injection vulnerabilities, resulting in several tools available for the purpose. However, limited work has been done so far for the identification of XML injection vulnerabilities and the existing tools only...
Impact factor: 1.135 (2012)