The document describes an approach called μ4SQLi for automated testing of SQL injection vulnerabilities. It uses an input mutation technique where valid test cases are manipulated to become SQL injection attacks through the application of 12 mutation operators. These operators are grouped into behavior-changing, syntax-repairing, and obfuscation categories. The approach monitors traffic between the system under test and database to detect if tests trigger vulnerabilities. The evaluation compares μ4SQLi against standard attacks on two web applications, with and without a web application firewall, to determine which technique performs better. The results show μ4SQLi generates more exploitable vulnerabilities, especially in the presence of a firewall.
Static analysis as means of improving code quality, by Andrey Karpov
The National Institute of Standards and Technology (NIST) reports that 64% of software vulnerabilities stem from programming errors and not a lack of security features.
Scanning with a backslash: bringing intuition into play, by Positive Hack Days
Existing security scanners find server-side vulnerabilities by signatures, using a fixed set of rules specific to each system, much as antivirus programs do. The speaker shares his experience developing an open-source scanner that replaced the classic non-automated methods and can find and confirm both known and new classes of vulnerabilities.
PVS-Studio is ready to improve the code of the Tizen operating system, by Andrey Karpov
Objective. Contract agreement with the PVS-Studio team concerning error fixing and regular code audits.
Currently, PVS-Studio detects more than 10% of the errors present in the code of the Tizen project.
With regular use of PVS-Studio on new code, about 20% of errors can be prevented.
I predict that the PVS-Studio team can detect and fix about 27 000 errors in the Tizen project.
PVS-Studio and the static code analysis technique, by Andrey Karpov
What is "static code analysis"? It is a technique that, alongside unit tests, dynamic code analysis, code review and others, increases code quality and reliability and decreases development time.
In May 2016, German game-development company Crytek made a decision to upload the source code of their game engine CryEngine V to Github. The engine is written in C++ and has immediately attracted attention of both the open-source developer community and the team of developers of PVS-Studio static analyzer who regularly scan the code of open-source projects to estimate its quality. A lot of great games were created by a number of video-game development studios using various versions of CryEngine, and now the engine has become available to even more developers. This article gives an overview of errors found in the project by PVS-Studio static analyzer.
Mining Branch-Time Scenarios From Execution Logs, by Dirk Fahland
This presentation was given at the International Conference on Automated Software Engineering (ASE 2013) in Palo Alto, November 2013.
We describe a technique for automatically extracting specifications from execution traces of an application. The particular specification that we extract are scenarios in the form of conditional existential Live-Sequence Charts (LSC), which are similar to UML Sequence Diagrams.
The technique is implemented in a tool and was evaluated on two real-life event logs.
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in..., by Pavneet Singh Kochhar
In this paper, we analyse two large software systems to measure the relationship of code coverage and its effectiveness in killing real bugs from the software systems.
Performs code analysis in C, C++, C++/CLI, C++/CX, C#. Plugin for Visual Studio 2010-2015. Integration with SonarQube, QtCreator, CLion, Eclipse CDT, Anjuta DevStudio and so on. Standalone utility. Direct integration of the analyzer into the systems of build automation and the BlameNotifier utility (e-mail notification). Automatic analysis of modified files. Great scalability. Why do people need code analyzers?
(automatic) Testing: from business to university and back, by David Rodenas
This talk covers the fundamentals of testing, a little of the history of how the professional community developed what we currently know as testing, and also why you should care about testing: why is it important to test? What is important to test? What is not important to test? How do you do testing?
There are some examples in plnkr so you can see each step, and many surprises.
This talk also compares what people learned in Computer Science and Engineering degrees with what people do in testing. It gives some tips to catch up with the current state of the art and some starting points for changing syllabuses to make better engineers.
This talk is good for beginners, teachers, bosses, but also for seasoned techies that just want to light up some of the ideas that they might have been hatching.
Spoiler alert: testing will save you development time and make you a good professional.
So, what is PVS-Studio? PVS-Studio is an ecosystem that provides a static code analyzer for the C, C++, C# and Java programming languages, plus utilities that make life with a static code analyzer easier. PVS-Studio works on Windows, Linux and macOS.
I'll focus more on the C/C++ features. We support modern, well-known compilers such as MSVC, GCC and Clang, and several compilers for embedded systems: ARM GCC/Clang, Keil, IAR, TI.
We also have plugins for modern IDEs for convenient work: Visual Studio 2010-2019, JetBrains Rider and IntelliJ IDEA. Compilation monitoring: we provide a tool that can help you check a project with an "exotic" build system (e.g. SCons, Bazel, etc.).
Suppress files. After you've checked your project, you may get tons of warnings on your legacy code. The solution is to push all those warnings into a file called the suppress base; on the next run you'll get 0 warnings from them.
Incremental analysis. If you modify some files in your project, you want only those files to be checked, just as the compiler recompiles only them. We have a scenario for that, which we call incremental analysis.
There are lots of talks about testing: they cover syntax, methodologies and tools. But there is usually a missing point: why is it important to test? What is important to test? What is not important to test? How do you do testing?
There are lots of examples in plnkr so you can see each step, and many surprises.
This talk is good for beginners, but also for some seasoned people that just want to light up some of the ideas that they might have been hatching.
Spoiler alert: testing will save you development time.
Static analysis and writing high-quality C/C++ code for embedded systems, by Andrey Karpov
Static analysis is not a silver bullet.
Static analysis is the answer to the question: "How do we make our code better?"
What does "better" mean? Code that is easier to maintain and develop, with its problems eliminated.
One of the Microsoft development teams already uses PVS-Studio analyzer in their work. It's great, but it's not enough. That's why I keep demonstrating how static code analysis could benefit developers, using Microsoft projects as examples. We scanned Casablanca project three years ago and found nothing. As a tribute to its high quality, the project was awarded with a "bugless code" medal. As time went by, Casablanca developed and grew. PVS-Studio's capabilities, too, have significantly improved, and now I've finally got the opportunity to write an article about errors found by the analyzer in Casablanca project (C++ REST SDK). These errors are few, but the fact that their number is still big enough for me to make this article, does speak a lot in favor of PVS-Studio's effectiveness.
Declarative benchmarking of Cassandra and its data models, by Monal Daxini
With Netflix's large Cassandra footprint there are lots of interesting data models, both new and evolving, and we run different versions of Cassandra.
Hence, developing or evolving scalable data models takes iterations in application code, schema and configurations to achieve desired functional and scalability requirements.
I will share use cases and details about how we make it easy for engineers to validate Cassandra data models across versions, and configuration tweaks to assure application scalability.
AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations, by Dongsun Kim
Fix pattern-based patch generation is a promising direction in Automated Program Repair (APR). Notably, it has been demonstrated to produce more acceptable and correct patches than the patches obtained with mutation operators through genetic programming. The performance of pattern-based APR systems, however, depends on the fix ingredients mined from fix changes in development histories. Unfortunately, collecting a reliable set of bug fixes in repositories can be challenging. In this paper, we propose to investigate the possibility in an APR scenario of leveraging code changes that address violations by static bug detection tools. To that end, we build the AVATAR APR system, which exploits fix patterns of static analysis violations as ingredients for patch generation. Evaluated on the Defects4J benchmark, we show that, assuming a perfect localization of faults, AVATAR can generate correct patches to fix 34/39 bugs. We further find that AVATAR yields performance metrics that are comparable to that of the closely-related approaches in the literature. While AVATAR outperforms many of the state-of-the- art pattern-based APR systems, it is mostly complementary to current approaches. Overall, our study highlights the relevance of static bug finding tools as indirect contributors of fix ingredients for addressing code defects identified with functional test cases.
SSRF vs. Business-critical applications. Part 2. New vectors and connect-back..., by ERPScan
Any information an attacker might want is stored in corporate ERP. This information can include financial, customer or public relations, intellectual property, personally identifiable information and more. Industrial espionage, sabotage, and fraud or insider embezzlement may be very effective if targeted at the victim’s ERP system, and they can cause significant reputation and financial losses to the business.
This research provides information about SSRF attacks and their classification. It also shows examples of SSRF attacks, as well as new potential and real SSRF vectors.
SQL injection is a dangerous vulnerability: the transformation of a normal SQL query into a malicious one. A successful SQL injection attack can lead to unauthorized access, changed or deleted data, and theft of information. Do not take SQL injection for granted.
The big data platforms of many organisations are underpinned by a technology that is soon to celebrate its 45th birthday: SQL. This industry stalwart is applied in a multitude of critical points in business data flows; the results that these processes generate may significantly influence business and financial decision making. However, the SQL ecosystem has been overlooked and ignored by more recent innovations in the field of software engineering best practices such as fine grained automated testing and code quality metrics. This exposes organisations to poor application maintainability, high bug rates, and ultimately corporate risk.
We present the work we’ve been doing at Hotels.com to address these issues by bringing some advanced software engineering practices and open source tools to the realm of Apache Hive SQL. We first define the relevance of such approaches and demonstrate how automated testing can be applied to Hive SQL using HiveRunner, a JUnit based testing framework. We next consider how best to structure Hive queries to yield meaningful test scenarios that are maintainable and performant. Finally, we demonstrate how test coverage reports can highlight areas of risk in SQL codebases and weaknesses in the testing process. We do this using Mutant Swarm, an open source mutation testing tool for SQL languages developed by Hotels.com that can deliver insights similar to those produced by Java focused tools such as Jacoco and PIT.
RDF Validation in a Linked Data World - A vision beyond structural and value ..., by Nandana Mihindukulasooriya
Data validation is a vital step for ensuring the quality of data, and the expressive languages for doing so and their related tools are essential for a data model to be adopted by the industry. Many data representation and storage technologies, like relational databases or XML, use expressive schema languages for defining the structure and the constraints on data and allow ensuring that the quality and the consistency of data is kept intact. In the context of semantic and Linked Data technologies, which are built upon the Open World Assumption and Non-unique Name Assumption, data validation becomes a challenge as the languages currently used to describe these constraints (i.e., RDF Schema and OWL) are more suited for inferring data than for data validation. There is a clear need for more expressive languages to define rules for validating RDF data.
However, having a wider view on the different use cases where RDF data is being used and considering the applications that consume RDF data as Linked Data, we can discover that there are requirements and concerns that go beyond the structural validation and data value range validation. In this paper, we identify the different requirements and factors that need to be taken into account and discussed in the context of data validation in applications that publish and consume Linked Data. These factors are grouped into three main categories: data source factors, procedure factors, and context factors. We believe that having this broader view will help to identify the concrete requirements for data validation especially in the context of Linked Data.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv..., by Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
1. Automated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
Dennis Appelt, Cu D. Nguyen, Nadia Alshahwan, Lionel Briand
Software Verification and Validation Laboratory
Interdisciplinary Centre for Security, Reliability and Trust
University of Luxembourg
25 July 2014
2. Web Apps are at risk
OWASP Top 10 2013:
A1 – Injection
A2 – Broken Authentication and Session Management
A3 – Cross-Site Scripting
A4 – Insecure Object References
…
6. Definition
SQL injection attacks target database-driven systems by injecting SQL code fragments into vulnerable input parameters that are not properly checked and sanitised.
7. Example
Example code vulnerable to SQL injection (the query is assembled by string concatenation, so the value of $country becomes part of the SQL text):
    $sql = "Select * From hotelList where country ='";
    $sql = $sql . $country;
    $sql = $sql . "'";
    $result = mysql_query($sql) or die(mysql_error());
Parameter assignment:
    $country ← Luxembourg
Resulting statement:
    SELECT * FROM hotelList WHERE country='Luxembourg'
8. Example
Example code vulnerable to SQL injection (same code as on the previous slide):
    $sql = "Select * From hotelList where country ='";
    $sql = $sql . $country;
    $sql = $sql . "'";
    $result = mysql_query($sql) or die(mysql_error());
Parameter assignment:
    $country ← ' or 1=1 --
Resulting statement (the injected quote closes the literal, and the comment swallows the closing quote):
    SELECT * FROM hotelList WHERE country='' OR 1=1 --'
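The concatenation from the slide beside its parameterized counterpart, as an added example in Python with SQLite; it is not the authors' PHP code, and the hotelList rows are constructed. Both functions are run with the two parameter assignments shown on slides 7 and 8.

```python
import sqlite3

# Constructed stand-in for the deck's hotelList table (not the authors' data).
SCHEMA = """
CREATE TABLE hotelList (id INTEGER PRIMARY KEY, name TEXT, country TEXT);
INSERT INTO hotelList (name, country) VALUES
  ('Hotel A', 'Luxembourg'), ('Hotel B', 'Luxembourg'),
  ('Hotel C', 'Germany'),    ('Hotel D', 'France');
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_vulnerable_sql(country):
    """String concatenation exactly as on the slide: the value lands between the
    quotes unescaped, so a quote inside the value ends the literal early."""
    return "SELECT * FROM hotelList WHERE country='" + country + "'"


def query_vulnerable(country):
    """Mirrors the mysql_query($sql) path; returns how many rows the statement yields."""
    conn = open_db()
    try:
        return len(conn.execute(build_vulnerable_sql(country)).fetchall())
    finally:
        conn.close()


def query_parameterized(country):
    """Hardened form: the driver binds the value, so quotes stay inside the literal
    and "' or 1=1 --" is simply a country name that matches nothing."""
    conn = open_db()
    try:
        rows = conn.execute("SELECT * FROM hotelList WHERE country=?", (country,))
        return len(rows.fetchall())
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("Luxembourg", "' or 1=1 --"):
        print(repr(value), query_vulnerable(value), query_parameterized(value))
```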
15. Approach - Overview
[Architecture diagram: Test generator, XAVIER DB, Input samples, WSDL Proxy, WAF, SUT, Monitor, Database, test reports]
16. Approach – Test Generation
[Architecture diagram: Test generator, XAVIER DB, Input samples, WSDL Proxy, WAF, SUT, Monitor, Database, test reports]
We want to generate test cases that
• result in executable SQL statements
• bypass the web application firewall
17. Approach – Test Generation
• μ4SQLi
– Mutation approach: manipulate legal test cases to become SQLi attacks
18. Approach – Test Generation
• μ4SQLi
– Mutation approach: manipulate legal test cases to become SQLi attacks
– 12 mutation operators grouped in 3 categories
• Behavior-changing
• Syntax-repairing
• Obfuscation
19. Approach – Test Generation
• μ4SQLi
– Mutation approach: manipulate legal test cases to become SQLi attacks
– 12 mutation operators grouped in 3 categories
• Behavior-changing
• Syntax-repairing
• Obfuscation
– A large number of test cases can be generated
20. Behavior-changing MO
Example of a behavior-changing mutation operator
Valid Input: John Doe
Apply MO_or
Malicious Input: John Doe' OR 'a'='a
SELECT * FROM users WHERE name='John Doe' OR 'a'='a'
Execute SUT → Behavior-changing
21. Syntax-repairing MO
Example of a syntax-repairing mutation operator
Statement without user input:
SELECT * FROM users WHERE func('$userinput')
Malicious Input: John Doe' OR 'a'='a
SELECT * FROM users WHERE func('John Doe' OR 'a'='a')
Execute SUT → Behavior-changing → Incorrect SQL syntax, will not execute
22. Syntax-repairing MO
Example of a syntax-repairing mutation operator
Statement without user input:
SELECT * FROM users WHERE func('$userinput')
Malicious Input: John Doe') OR 'a'='a' #
SELECT * FROM users WHERE func('John Doe') OR 'a'='a' #')
Execute SUT → Syntax-repairing
23. Obfuscation MO
Example of an obfuscation mutation operator
Malicious Input: John Doe'/*/OR+'a'=x'61
SELECT * FROM users WHERE name='John Doe'/*/OR+'a'=x'61'
Execute SUT → Obfuscation
24. Approach – Test Oracle
[Architecture diagram: Test generator, XAVIER DB, Input samples, WSDL Proxy, WAF, SUT, Monitor, Database, test reports]
Monitor:
- Observes the traffic between SUT and database
- Detects if a test case triggered an SQLi vulnerability
25. Approach – Test Oracle
• Inspects if a SQL statement which has been injected into is executable.
$country ← ') OR 1=1 --
SELECT * FROM hotelList WHERE country='') OR 1=1 --'
26. Approach – Test Oracle
• Inspects if a SQL statement which has been injected into is executable.
$country ← ') OR 1=1 --
SELECT * FROM hotelList WHERE country='') OR 1=1 --'
Syntax Error: Missing Opening Parenthesis
→ Attack is not executed
28. Subjects
Application                # Operations   # Parameters   KLoC
Hotel Reservation Service  7              21             1.5
SugarCRM                   26             87             352
Total                      33             108            353.5
Each subject is tested with and without firewall → 4 distinct experiment setups
29. Baseline – Standard Attacks
• Consists of standard attacks
– List of 137 SQLi attacks
– Diverse set of known patterns
• State-of-the-art tools use such attacks
– E.g. BurpSuite, SoapUI
30. Research Questions
RQ1: Are standard attacks and mutated attacks (generated by μ4SQLi) likely to reveal exploitable SQLi vulnerabilities?
RQ2: With and without the presence of the WAF, which input generation technique performs better?
31. Variables
T – total number of test cases that generate SQL statements that get flagged by the monitor
Te – as T, but in addition the flagged SQL statements must be executable
32. Variables
T – total number of test cases that generate SQL statements that get flagged by the monitor
Te – as T, but in addition the flagged SQL statements must be executable
[Diagram: test case t_i → SUT → DB; the SUT issues SQL statements s_1, s_2, …, s_n for t_i]
33. Variables
T – total number of test cases that generate SQL statements that get flagged by the monitor
Te – as T, but in addition the flagged SQL statements must be executable
[Diagram: test case t_i → SUT → DB; the SUT issues SQL statements s_1, s_2, …, s_n for t_i]
If at least one statement is flagged, t_i reveals a vulnerability → increment T
If the flagged statement is executable → increment Te
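An executability oracle for the captured statement (slides 25 and 26) together with the T/Te counting rule (slides 31 to 33), as an added Python example; it is not the authors' monitor. The check runs EXPLAIN against a constructed hotelList schema in SQLite, which compiles the statement without executing it, and because the slides do not say how the monitor flags a statement, that verdict is supplied as input.

```python
import sqlite3

# Constructed schema matching the deck's hotelList example (not the authors' code).
SCHEMA = "CREATE TABLE hotelList (id INTEGER PRIMARY KEY, name TEXT, country TEXT);"


def is_executable(statement):
    """Oracle step from slides 25/26: can the database parse and plan the statement
    seen between SUT and DB? EXPLAIN compiles it against the schema without running
    it, so the stray ')' from $country <- "') OR 1=1 --" surfaces as a syntax error
    while nothing is executed. Single statements only (MO_semi output needs splitting)."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.executescript(SCHEMA)
        conn.execute("EXPLAIN " + statement)
        return True
    except sqlite3.Error:
        return False
    finally:
        conn.close()


def count_T_Te(test_cases):
    """Counting rule from slides 31-33. test_cases maps a test id t_i to the list of
    (statement, flagged_by_monitor) pairs s_1..s_n observed for that test.
    T counts tests with at least one flagged statement; Te counts tests where a
    flagged statement is also executable, i.e. an exploitable SQLi."""
    T = Te = 0
    for statements in test_cases.values():
        flagged = [s for s, is_flagged in statements if is_flagged]
        if not flagged:
            continue
        T += 1
        if any(is_executable(s) for s in flagged):
            Te += 1
    return T, Te


# Constructed sample: the statements from slides 8, 25 and 26 with the monitor's verdict given.
SAMPLE = {
    "t1": [("SELECT * FROM hotelList WHERE country='Luxembourg'", False)],
    "t2": [("SELECT * FROM hotelList WHERE country='' OR 1=1 --'", True)],
    "t3": [("SELECT * FROM hotelList WHERE country='') OR 1=1 --'", True)],
}

if __name__ == "__main__":
    print(count_T_Te(SAMPLE))  # t2 and t3 are flagged, only t2 is executable
```

SQLite treats `--'` as a comment, whereas MySQL (the engine behind the slide's mysql_query call) only opens a comment when `--` is followed by whitespace, so in practice the oracle has to be run against the SUT's own database engine.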
35. Research Question 1
Are standard attacks and mutated attacks (generated by μ4SQLi) likely to reveal exploitable SQLi vulnerabilities?
36. Research Question 1
Are standard attacks and mutated attacks (generated by μ4SQLi) likely to reveal exploitable SQLi vulnerabilities?
Answer: Both techniques can reveal SQLi vulnerabilities when no firewall was used. Most vulnerabilities are highly likely to be detected with at most a few dozen test cases.
37. Research Question 2
With and without the presence of the WAF, which input generation technique performs better?
38. Research Question 2
With and without the presence of the WAF, which input generation technique performs better?
Answer: μ4SQLi generates a higher percentage of tests that can reveal SQLi vulnerabilities. Further, in the presence of a WAF, μ4SQLi is also capable of doing so.
45. Mutation Operators
Operator Name   Description
Behavior-Changing Operators
MO_or           Adds an OR-clause to the input
MO_and          Adds an AND-clause to the input
MO_semi         Adds a semicolon followed by an additional SQL statement
Syntax-Repairing Operators
MO_par          Appends a parenthesis to a valid input
MO_cmt          Adds a comment command (-- or #) to an input
MO_qot          Adds a single or double quote to an input
Obfuscation Operators
MO_wsp          Changes the encoding of whitespaces
MO_chr          Changes the encoding of a character literal
MO_html         Changes the encoding of an input to HTML entity encoding
MO_per          Changes the encoding of an input to percentage encoding
MO_bool         Rewrites a boolean expression while preserving its truth value
MO_keyw         Changes capitalization and inserts comments into SQL keywords
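A defender-side normalizer for the obfuscation operators in the table (MO_wsp, MO_chr, MO_html, MO_per, MO_keyw), as an added Python example that is not part of the authors' tool; the decoding order is an assumption, and the sample statement is constructed from slide 23's input with the inline comment written as /**/.

```python
import html
import re
from urllib.parse import unquote


def normalize(value):
    """Undo the encodings the obfuscation operators apply so that a signature
    check (in a WAF or a log monitor) compares one canonical form.
    Each step is tagged with the operator it reverses; the order is assumed."""
    s = html.unescape(value)                        # MO_html: &#39; -> '
    s = unquote(s)                                  # MO_per:  %27  -> '
    s = s.replace("+", " ")                         # MO_wsp:  '+' standing in for a space
    s = re.sub(r"/\*.*?\*/", "", s, flags=re.S)     # MO_keyw / MO_wsp: SEL/**/ECT, 'a'/**/OR
    s = re.sub(r"[xX]'((?:[0-9a-fA-F]{2})+)'",
               lambda m: "'" + bytes.fromhex(m.group(1)).decode("latin-1") + "'",
               s)                                   # MO_chr: x'61' -> 'a'
    s = re.sub(r"\s+", " ", s).strip()              # MO_wsp: tabs, newlines, runs of spaces
    return s.upper()                                # MO_keyw: sElEcT -> SELECT


# Tautology shape that MO_or leaves behind ('a'='a'). MO_bool rewrites such as
# 2>1 keep the truth value but change the text, so they would need expression
# evaluation and are deliberately not covered by this pattern.
TAUTOLOGY = re.compile(r"\bOR\s*'(\w*)'\s*=\s*'\1'")


def is_obfuscated_tautology(statement):
    """True when the statement, once normalized, carries an OR-tautology."""
    return TAUTOLOGY.search(normalize(statement)) is not None


# Constructed sample (not from the deck): slide 23's input with percent encoding,
# an HTML entity and a keyword comment layered on top, as the SUT would issue it.
SAMPLE = "SELECT * FROM users WHERE name='John%20Doe&#39;/**/oR+%27a%27=x'61'"

if __name__ == "__main__":
    print(normalize(SAMPLE))
    print(is_obfuscated_tautology(SAMPLE))
```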