Item Details

Automatically Hardening Web Applications Using Precise Tainting

NguyenTuong, Anh; Guarnieri, Salvatore; Greene, Doug; Evans, David
Format
Report
Abstract
Most web applications contain security vulnerabilities. The simple and natural ways of creating a web application are prone to SQL injection attacks and cross-site scripting attacks (among other less common vulnerabilities). In response, many tools have been developed for detecting or mitigating common web application vulnerabilities. Existing techniques either require effort from the site developer or are prone to false positives. This paper presents a fully automated approach to securely hardening web applications. It is based on precisely tracking taintedness of data and checking specifically for dangerous content only in parts of commands and output that came from untrustworthy sources. Unlike previous work in which everything that is derived from tainted input is tainted, our approach precisely tracks taintedness within data values. We describe our results and prototype implementation on the predominant LAMP (Linux, Apache, MySQL, PHP) platform.
Language
English
Date Received
2012-10-29
Published
University of Virginia, Department of Computer Science, 2004
Published Date
2004
Collection
Libra Open Repository
In Copyright
