Automatically Hardening Web Applications Using Precise Tainting

Most web applications contain security vulnerabilities. The simple and natural ways of creating a web application are prone to SQL injection attacks and cross-site scripting attacks as well as other less common vulnerabilities. In response, many tools have been developed for detecting or mitigating common web application vulnerabilities. Existing techniques either require effort from the site developer or are prone to false positives. This paper presents a fully automated approach to securely hardening web applications. It is based on precisely tracking taintedness of data and checking specifically for dangerous content only in parts of commands and output that came from untrustworthy sources. Unlike previous work in which everything that is derived from tainted input is tainted, our approach precisely tracks taintedness within data values.
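As an added illustration of the precise-tainting idea (not the paper's implementation, which tracked taint inside a PHP interpreter), the following Python sketch keeps one taint bit per character through string concatenation and then validates a SQL command by inspecting only the characters that came from untrusted input; the TStr class and the acceptance policy in is_safe_sql are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TStr:
    """A string plus a per-character taint mask (True = from an untrusted source)."""
    text: str
    taint: tuple  # one bool per character of text

    @classmethod
    def trusted(cls, s: str) -> "TStr":
        return cls(s, (False,) * len(s))

    @classmethod
    def untrusted(cls, s: str) -> "TStr":
        return cls(s, (True,) * len(s))

    def __add__(self, other: "TStr") -> "TStr":
        # Concatenation keeps each character's own taint bit, so the result is
        # neither wholly tainted nor wholly clean: that is the "precise" part.
        return TStr(self.text + other.text, self.taint + other.taint)


def is_safe_sql(cmd: TStr) -> bool:
    """Accept the command only if no tainted character acts as SQL syntax.

    Assumed policy: inside a single-quoted literal, tainted text may be anything
    except a quote that terminates the literal; outside a literal, tainted text
    may only be digits. Trusted characters are never inspected at all.
    """
    in_literal = False
    i, n = 0, len(cmd.text)
    while i < n:
        ch, tainted = cmd.text[i], cmd.taint[i]
        if in_literal:
            if ch == "'":
                if i + 1 < n and cmd.text[i + 1] == "'":
                    i += 2  # doubled quote is an escaped quote, still data
                    continue
                if tainted:
                    return False  # an untrusted quote would close the literal
                in_literal = False
        elif ch == "'":
            if tainted:
                return False  # an untrusted quote would open a literal
            in_literal = True
        elif tainted and not ch.isdigit():
            return False  # untrusted operator, keyword, space or comment marker
        i += 1
    return not in_literal  # an unterminated literal is malformed, reject it
```

Because only tainted characters are examined, a trusted query template containing keywords, comments or quotes is never flagged, which is what keeps this approach free of the false positives that whole-value tainting produces.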
