Defending Against Injection Attacks Through Context-Sensitive String Evaluation

@inproceedings{Pietraszek2005DefendingAI,
  title={Defending Against Injection Attacks Through Context-Sensitive String Evaluation},
  author={Tadeusz Pietraszek and Chris Vanden Berghe},
  booktitle={RAID},
  year={2005}
}
Injection vulnerabilities pose a major threat to application-level security. Some of the more common types are SQL injection, cross-site scripting and shell injection vulnerabilities. Existing methods for defending against injection attacks, that is, attacks exploiting these vulnerabilities, rely heavily on the application developers and are therefore error-prone. In this paper we introduce CSSE, a method to detect and prevent injection attacks. CSSE works by addressing the root cause why such…
Highly Influential
This paper has highly influenced 19 other papers.
Highly Cited
This paper has 340 citations.

Semantic Scholar estimates that this publication has 340 citations based on the available data.

References

Publications referenced by this paper.

Aspect Oriented PHP (AOPHP)

  • J. W. Stamey, B. T. Saunders, M. Cameron
  • Web page at http://www.aophp.net
  • 2005

Valgrind

  • Valgrind Developers
  • Web page at http://valgrind.org
  • 2005

ADOdb Database Abstraction Library for PHP (and Python)

  • J. Lim
  • Web page at http://adodb.sourceforge.net
  • 2004

BugTraq

  • SecurityFocus
  • Web page at http://www.securityfocus.com/bid
  • 2004

Common Vulnerabilities and Exposures

  • MITRE
  • Web page at http://cve.mitre.org
  • 2004

ICAT Metabase

  • NIST
  • Web page at http://icat.nist.gov/
  • 2004

PHP Hypertext Preprocessor

  • T. PHP Group
  • Web page at http://www.php.net
  • 2004

SQL Injection Signatures Evasion

  • O. Maor, A. Shulman
  • Technical report, Imperva Application Defense…
  • 2004
