Presentation is loading. Please wait.

Presentation is loading. Please wait.

Type-based Taint Analysis for Java Web Applications Wei Huang, Yao Dong and Ana Milanova Rensselaer Polytechnic Institute 1.

Published byErica Dryer Modified over 9 years ago

Similar presentations

Presentation on theme: "Type-based Taint Analysis for Java Web Applications Wei Huang, Yao Dong and Ana Milanova Rensselaer Polytechnic Institute 1."— Presentation transcript:

1 Type-based Taint Analysis for Java Web Applications Wei Huang, Yao Dong and Ana Milanova Rensselaer Polytechnic Institute 1

2 Taint Analysis for Java Web Applications Tracks flows from untrusted sources to sensitive sinks ◦ Such flows can cause SQL-injection, Cross-site scripting, other attacks 2 Untrusted input Sensitive sinks unsanitized SOURCES : ServletRequest.getParameter(), etc. SOURCES : ServletRequest.getParameter(), etc. SINKS : Statement.execute(), etc SINKS : Statement.execute(), etc

3 SQL Injection HttpServletRequest req =...; Statement stat =...; String user = req.getParameter(“user”); String query = “SELECT * FROM Users WHERE name = “ + user; stat.execute(query); Tainted input “John OR 1=1” SELECT * FROM Users WHERE name = John OR 1 = 1 SELECT * FROM Users WHERE name = John OR 1 = 1 3

4 Work on Taint Analysis Finding Security Vulnerabilities with Static Analysis [Livshits and Lam, Usenix Security’05] TAJ [Tripp et al. PLDI’09] F4F [Sridharan et al. OOPSLA’11] Andromeda [Tripp et al. FASE’13] TAJ, F4F and Andromeda are included in a commercial tool from IBM, called AppScan 4

5 Issues with Existing Work Dataflow and points-to based approaches Reflection Libraries Frameworks 5

6 Our Type-based Taint Analysis SFlow: a type system SFlowInfer: inference tool for SFlow ◦ Takes Java program where sources are typed tainted and sinks are typed safe ◦ Infers SFlow types for the rest of the variables ◦ If inference succeeds --- no flows from sources to sinks ◦ If it fails with type errors --- potential flows Easily and effectively handles reflection, libraries and frameworks 6

7 Inference and Checking Framework 7 Unified Typing Rules Set-Based Solver Extract Typing Type Checking Parameters Instantiated Rules Set-based Solution Concrete Typing Program Source Annotated Libraries Annotated Libraries Immutability (ReIm) Universe Types (UT) Ownership Types (OT) SFlow AJ EnerJ More? Immutability (ReIm) Universe Types (UT) Ownership Types (OT) SFlow AJ EnerJ More?

8 SFlowInfer The instantiated inference tool Detects (or verifies the absence of) information flow violations Java source Annotated Libraries SFlowInfer Result Sources and Sinks 8

9 SQL Injection HttpServletRequest req =...; Statement stat =...; tainted String user = req.getParameter(“user”); tainted String query = “SELECT * FROM Users WHERE name = “ + user; stat.execute(query); Source: the return value is tainted Type error! Sink: the parameter is safe Subtyping: safe <: tainted Subtyping: safe <: tainted 9

10 Contributions SFlow: A context-sensitive type system for secure information flow SFlowInfer: An inference algorithm for SFlow ◦ SFlowInfer is an effective taint analysis tool Implementation and evaluation 10

11 Outline SFlow type system Inference algorithm for SFlow Handling of reflection, libraries and frameworks Implementation and evaluation 11

12 SFlow Type Qualifiers tainted: A variable x is tainted, if there is flow from an untrusted source to x safe: A variable x is safe if there is flow from x to a safe sink poly: The polymorphic qualifier, can be instantiated to tainted or safe safe <: poly <: tainted 12

13 Instantiated Typing Rules for SFlow (TCALL) T Viewpoint adaptation accounts for context sensitivity. q y is the context of adaptation. Additional constraints… 13

14 Outline SFlow type system Inference algorithm for SFlow Handling of reflection, libraries and frameworks Implementation and evaluation 14

15 Inference and Checking Framework 15 Unified Typing Rules Set-Based Solver Extract Typing Type Checking Parameters Instantiated Rules Set-based Solution Concrete Typing Program Source Annotated Libraries Annotated Libraries Immutability (ReIm) Universe Types (UT) Ownership Types (OT) SFlow AJ EnerJ More? Immutability (ReIm) Universe Types (UT) Ownership Types (OT) SFlow AJ EnerJ More?

16 Set-based Solver Set Mapping S : ◦ variable  {tainted, poly, safe} Iterates over statements s ◦ Removes infeasible qualifiers for each variable in s according to the typing rule Until reaches a fixpoint, and outputs ◦ Type errors if one or more variables get assigned the empty set, or ◦ A set-based solution 16

17 From Stanford Securibench-micro 17 StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink } StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink }

18 From Stanford Securibench-micro 18 StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink } StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink }

19 From Stanford Securibench-micro 19 StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink } StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink }

20 From Stanford Securibench-micro 20 StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink } StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink }

21 From Stanford Securibench-micro 21 StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink } StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink }

22 From Stanford Securibench-micro 22 StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink, BAD! } StringBuffer buf; … foo(buf, buf, resp, req); void foo(StringBuffer b, StringBuffer b2, ServletResponse resp, ServletRequest req) { String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); String str = b2.toString(); writer.println(str); //sink, BAD! }

23 Set-based Solver 23 {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! } {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! }

24 Set-based Solver 24 {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! } {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! }

25 Set-based Solver 25 {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! } {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! }

26 Set-based Solver 26 {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! } {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! }

27 Set-based Solver 27 {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! } {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink, BAD: flow from source! }

28 Set-based Solver 28 {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink } {tainted,poly,safe} StringBuffer buf; … foo(buf, buf, resp, req); void foo({tainted,poly,safe} StringBuffer b, {tainted,poly,safe} StringBuffer b2, ServletResponse resp, ServletRequest req) { {tainted,poly,safe} String name; name = req.getParameter(NAME);//source b.append(name); PrintWriter writer = resp.getWriter(); {tainted,poly,safe} String str = b2.toString(); writer.println(str); //sink } Type error! tainted or poly str cannot be assigned to safe parameter!

29 Set-based Solver (Cont’d) What if the set-based solver terminates without a type error? Extract the maximal typing from set-based solution according to preference ranking tainted > poly > safe ◦ If S(x) = {poly, safe} the maximal typing types x poly Unfortunately, the maximal typing for SFlow does not always type-check 29

30 Inference and Checking Framework 30 Unified Typing Rules Set-Based Solver Extract Typing Type Checking Parameters Instantiated Rules Set-based Solution Concrete Typing Program Source Annotated Libraries Annotated Libraries Immutability (ReIm) Universe Types (UT) Ownership Types (OT) SFlow AJ EnerJ More? Immutability (ReIm) Universe Types (UT) Ownership Types (OT) SFlow AJ EnerJ More?

31 Maximal Typing class A { {String f; {String get(A this) { return this.f; } A y =...; String x = y.get(); writer.println(x); // sink Unfortunately, the maximal typing for SFlow does not always type-check! 31

32 Maximal Typing (Cont’d) class A { {poly} String f; {poly,safe} String get({poly,safe} this) { return this.f; } {tainted,poly,safe} A y =...; {safe} String x = y.get(); writer.println(x); 32

33 Maximal Typing (Cont’d) class A { {poly} String f; {poly,safe} String get({poly,safe} this) { return this.f; } {tainted,poly,safe} A y =...; {safe} String x = y.get(); writer.println(x); 33

34 Maximal Typing (Cont’d) class A { {poly} String f; {poly,safe} String get({poly,safe} this) { return this.f; } {tainted,poly,safe} A y =...; {safe} String x = y.get(); writer.println(x); ✗ 34

35 Method Summary Constraints Reflect the relations between parameters and return values Further remove infeasible qualifiers String id(String p) { String x = p; return x; } 35

36 Method Summary Constraints (Cont’d) class A { {poly} String f; {poly,safe} String get({poly,safe} this) { return this.f; } {tainted,poly,safe} A y =...; {safe} String x = y.get(); writer.println(x); 36

37 Method Summary Constraints (Cont’d) class A { {poly} String f; {poly,safe} String get({poly,safe} this) { return this.f; } {tainted,poly,safe} A y =...; {safe} String x = y.get(); writer.println(x); ✔ 37

38 Outline SFlow type system Inference algorithm for SFlow Handling of reflection, libraries and frameworks Implementation and evaluation 38

39 Reflection, Libraries and Frameworks Reflective object creation is easy! There is no need to abstract heap objects! Flow from x to y is reflected through subtyping x <: y 39 X x = (X)Class.forName(“str”).newInstance(); x.f = a; // a is a source y = x; b = y.f; // b is a sink

40 Reflection, Libraries and Frameworks (Cont’d) Libraries (JDK, third-party, frameworks) Unknown library methods are typed poly, poly  poly safe l = r.m(r1,r2) l = r.m(tainted r1,r2) 40

41 Reflection, Libraries and Frameworks (Cont’d) Frameworks (e.g., Struts, Spring) ◦ Framework classes/interfaces are subclassed/implemented in web application code Superclass-subclass relation is handled using function subtyping constraints UserAction.execute(ActionForm userForm) <: Action.execute(tainted ActionForm form) entails form <: userForm //userForm is tainted 41

42 Outline SFlow type system Inference algorithm for SFlow Handling of reflection, libraries and frameworks Implementation and evaluation 42

43 Implementation Built in inference and checking framework for pluggable types [Huang et al. ECOOP’12] ◦ Instantiated framework with SFlow ◦ Built on top of the Checker Framework [Papi et al. ISSTA’08, Dietl et al. ICSE’11] Publicly available at ◦ http://code.google.com/p/type-inference/ 43

44 Evaluation DroidBench ◦ A suit of 39 Android apps by [Arzt et al. PLDI’14 ] for evaluating taint analysis for Android Java web applications ◦ Stanford Securibench: a suit by Ben Livshits designed for evaluating taint analysis ◦ Other web applications from previous work ◦ 13 web applications comprising 473kLOC 44

45 DroidBench [ Arzt et al. PLDI’14 ] Tool NameAppScanFortify SCAFlowDroi d SFlowInfer Correct warning ✔ 14172628 False warning ✖ 5449 Missed flow 141120 Precision ✔ /( ✔ + ✖ ) 74%81%86%76% Recall ✔ /( ✔ +) 50%61%93%100% SFlowInfer outperforms AppScan and Fortify SCA FlowDroid [ Arzt et al. PLDI’14 ] is flow-sensitive ◦ DroidBench is designed for flow sensitivity 45

46 Java Web Applications We manually examined all type errors Parameter Manipulation / SQL Injection ◦ 7 benchmarks have no type errors ◦ 66 type errors correspond to true flows ◦ Average false positive rate: 15% Parameter Manipulation / XSS ◦ 8 benchmarks have no type errors ◦ 143 type errors correspond to true flows ◦ Average false positive rate: 4% 46

47 Runtime Performance SFlowInfer takes less than 3 minutes on all but 2 benchmarks Largest benchmark, photov 126kLOC, takes 640 seconds ◦ Can be optimized Maximal heap size is set to 2GB! 47

48 Conclusion A type system for secure information flow An efficient type inference algorithm ◦ Effective taint analysis tool Evaluation on 473kLOC Publicly available at ◦ http://code.google.com/p/type-inference/ 48

Download ppt "Type-based Taint Analysis for Java Web Applications Wei Huang, Yao Dong and Ana Milanova Rensselaer Polytechnic Institute 1."

Similar presentations

Runtime Prevention & Recovery Protect existing applications Advantages: Prevents vulnerabilities from doing harm Safe mode for Web application execution.

Runtime Prevention & Recovery Protect existing applications Advantages: Prevents vulnerabilities from doing harm Safe mode for Web application execution.
Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.
Teachable Static Analysis Workbench by Igor Konnov, Dmitry Kozlov.

Teachable Static Analysis Workbench by Igor Konnov, Dmitry Kozlov.
Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.

Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.
GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.

GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.
Finding Security Errors in Java Applications Using Lightweight Static Analysis Benjamin Livshits Computer Science Lab Stanford University.

Finding Security Errors in Java Applications Using Lightweight Static Analysis Benjamin Livshits Computer Science Lab Stanford University.
Omer Tripp November 9 th, 2009 Static Analysis for Security A Case Study in the Automation of Code Auditing.

Omer Tripp November 9 th, 2009 Static Analysis for Security A Case Study in the Automation of Code Auditing.
SOFTWARE SECURITY JORINA VAN MALSEN 1 FLAX: Systematic Discovery of Client-Side Validation Vulnerabilities in Rich Web Applications.

SOFTWARE SECURITY JORINA VAN MALSEN 1 FLAX: Systematic Discovery of Client-Side Validation Vulnerabilities in Rich Web Applications.
ReferencesReferences DiscussionDiscussion Vulnerability Example: SQL injection Auditing Tool for Eclipse LAPSE: a Security Auditing Tool for Eclipse IntroductionIntroductionResultsResults.

ReferencesReferences DiscussionDiscussion Vulnerability Example: SQL injection Auditing Tool for Eclipse LAPSE: a Security Auditing Tool for Eclipse IntroductionIntroductionResultsResults.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Gary Wassermann and Zhendong Su UC Davis Slides from

Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Gary Wassermann and Zhendong Su UC Davis Slides from
1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.

1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.
CQual: A Tool for Adding Type Qualifiers to C Jeff Foster et al UC Berkeley OSQ Retreat, May 21-23 2002.

CQual: A Tool for Adding Type Qualifiers to C Jeff Foster et al UC Berkeley OSQ Retreat, May
Λ λ Language Based Security TAJ: Effective Taint Analysis of Web Applications PLDI 2009 Omer Tripp IBM Software Group Marco Pistoia IBM.

Λ λ Language Based Security TAJ: Effective Taint Analysis of Web Applications PLDI 2009 Omer Tripp IBM Software Group Marco Pistoia IBM.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Automatic Creation of SQL Injection and Cross-Site Scripting Attacks 2nd-order XSS attacks 1st-order XSS attacks SQLI attacks Adam Kiezun, Philip J. Guo,

Automatic Creation of SQL Injection and Cross-Site Scripting Attacks 2nd-order XSS attacks 1st-order XSS attacks SQLI attacks Adam Kiezun, Philip J. Guo,
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
TAJ: Effective Taint Analysis of Web Applications

TAJ: Effective Taint Analysis of Web Applications
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.

Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
SQL INJECTION COUNTERMEASURES &

SQL INJECTION COUNTERMEASURES &

Similar presentations

Ads by Google