Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection (Extended Version)
This paper addresses security flaws in web applications and is aimed at developers and security analysts. It appears incremental, as it builds on existing formal methods for SQL injection.
The authors tackled the problem of detecting SQL injection vulnerabilities in web applications by developing a formal approach that models applications and databases, resulting in a prototype tool called SQLfast that discovered a previously unknown attack on Joomla!.
We present a formal approach that exploits attacks related to SQL Injection (SQLi), searching for security flaws in a web application. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and we show its efficiency on real-world case studies, including the discovery of an attack on Joomla! that no other tool can find.