Web sites may be static sites, programs, or databases, and very often a combination of the three integrating relational databases as a back-end. Web sites require care in configuration and programming to assure security, confidentiality, and trustworthiness of the published information. SQL-injection attacks exploit weak validation of textual input used to
Whether for development, maintenance or refactoring, multiple steps in the software development cycle require comprehension of a program's access control model (AC model). In this paper, we present a novel approach to reverse-engineer AC model structure from PHP source code. Using a hybrid approach combining static analysis and model checking techniques, we
In general, SQL-injection attacks rely on some weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. Furthermore, insiders may introduce malicious code in a Web application, code that, when
Web sites are often a mixture of static sites and programs that integrate relational databases as a back-end. Software that implements Web sites continuously evolves to meet ever-changing user needs. As Web sites evolve, new versions of programs, interactions and functionalities are added and existing ones are removed or modified. Web sites require
Web sites are often a mixture of static sites and programs that integrate relational databases as a back-end. As they evolve to meet ever-changing user needs, new versions of programs, interactions and functionalities may be added and existing ones may be removed or modified. Web sites require configuration and programming attention to assure security,
Automatic query generators have been shown to be effective tools for software testing. For the most part, they have been used in system testing for the database as a whole or to generate specific queries to test specific features with little randomness. In this work we explore the problems encountered when using a genetic algorithm to generate SQL for
A new representation for inter-procedural analysis is presented. The representation only uses regular graph theory with guarded edges and variables for easy integration with model checkers, but is limited to binary-lattice inter-procedural analysis only. A simple inter-procedural problem is presented here with a description of the control flow graph
Large-scale software model checking is a difficult problem, in part because of the complexity created by inter-procedural function calling. The fastest current solutions for this problem claim polynomial time for only a partial resolution. Static analysis suffers from the same complexity, but some work has observed linear time and space complexity for some