Detection of SQL Injection Vulnerability in Embedded SQL
Young-Su JANG
Abstract
Embedded SQL inserts SQL statements into the host programming language and executes them at program run time. SQL injection is a known attack technique; however, detection techniques are not introduced in embedded SQL. This paper introduces a technique based on candidate code generation that can detect SQL injection vulnerability in the C/C++ host programming language.
Topics & Concepts
Computer scienceSQL injectionProgramming languageSQLPL/SQLSQL/PSMStored procedureData Transformation ServicesNull (SQL)Language Integrated QueryUser-defined functionCode (set theory)Business Intelligence Markup LanguageData definition languageQuery by ExampleDatabaseOperating systemSet (abstract data type)World Wide WebWeb search querySearch engineWeb Application Security VulnerabilitiesSecurity and Verification in ComputingCloud Data Security Solutions