English
Related papers

Related papers: Preventing SQL Injection through Automatic Query S…

200 papers

Static analysis has established itself as a weapon of choice for detecting security vulnerabilities. Taint analysis in particular is a very general and powerful technique, where security policies are expressed in terms of forbidden flows,…

Cryptography and Security · Computer Science 2021-11-19 Saikat Dutta , Diego Garbervetsky , Shuvendu Lahiri , Max Schäfer

The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript,…

Cryptography and Security · Computer Science 2018-04-06 Mahmoud Mohammadi , Bei-Tseng Chu , Heather Richter Lipford

Text sanitization aims to rewrite parts of a document to prevent disclosure of personal information. The central challenge of text sanitization is to strike a balance between privacy protection (avoiding the leakage of personal information)…

Computation and Language · Computer Science 2025-09-03 Ildikó Pilán , Benet Manzanares-Salor , David Sánchez , Pierre Lison

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally.…

Cryptography and Security · Computer Science 2023-03-06 Efe Barlas , Xin Du , James C. Davis

The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program…

Cryptography and Security · Computer Science 2018-06-13 Dokyung Song , Julian Lettner , Prabhu Rajasekaran , Yeoul Na , Stijn Volckaert , Per Larsen , Michael Franz

The increasing adoption of LLM agents with access to numerous tools and sensitive data significantly widens the attack surface for indirect prompt injections. Due to the context-dependent nature of attacks, however, current defenses are…

Cryptography and Security · Computer Science 2025-10-13 Debeshee Das , Luca Beurer-Kellner , Marc Fischer , Maximilian Baader

XSS is a security vulnerability that permits injecting malicious code into the client side of a web application. In the simplest situations, XSS vulnerabilities arise when a web application includes the user input in the web output without…

Cryptography and Security · Computer Science 2020-08-10 Antonín Steinhauser , Petr Tůma

Data Mining is a way of extracting data or uncovering hidden patterns of information from databases. So, there is a need to prevent the inference rules from being disclosed such that the more secure data sets cannot be identified from non…

Cryptography and Security · Computer Science 2013-09-02 A. S. Syed Navaz , M. Ravi , T. Prabhu

Data mining and information extraction from data is a field that has gained relevance in recent years thanks to techniques based on artificial intelligence and use of machine and deep learning. The main aim of the present work is the…

Cryptography and Security · Computer Science 2022-09-15 M Lodeiro-Santiago , C Caballero-Gil , P Caballero-Gil

Information security is protecting information from unauthorized access, use, disclosure, disruption, modification, perusal and destruction. CAIN model suggest maintaining the Confidentiality, Authenticity, Integrity and Non-repudiation…

Cryptography and Security · Computer Science 2012-05-23 Praveen Sivadasan , P. Sojan Lal

This paper describes an advanced SQL injection technique where DNS resolution process is exploited for retrieval of malicious SQL query results. Resulting DNS requests are intercepted by attackers themselves at the controlled remote name…

Cryptography and Security · Computer Science 2013-03-14 Miroslav Stampar

Large Language Models (LLMs) are increasingly deployed in agentic systems that interact with an external environment; this makes them susceptible to prompt injections when dealing with untrusted data. To overcome this limitation, we propose…

Cryptography and Security · Computer Science 2026-01-21 Nils Philipp Walter , Chawin Sitawarin , Jamie Hayes , David Stutz , Ilia Shumailov

Sanitizing sensitive text data typically involves removing personally identifiable information (PII) or generating synthetic data under the assumption that these methods adequately protect privacy; however, their effectiveness is often only…

Cryptography and Security · Computer Science 2026-03-17 Rui Xin , Niloofar Mireshghallah , Shuyue Stella Li , Michael Duan , Hyunwoo Kim , Yejin Choi , Yulia Tsvetkov , Sewoong Oh , Pang Wei Koh

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

In this paper, we present a concolic execution technique for detecting SQL injection vulnerabilities in Android apps, with a new tool we called ConsiDroid. We extend the source code of apps with mocking technique, such that the execution of…

Software Engineering · Computer Science 2019-08-09 Ehsan Edalat , Babak Sadeghiyan , Fatemeh Ghassemi

The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript,…

Cryptography and Security · Computer Science 2018-04-04 Mahmoud Mohammadi , Bill Chu , Heather Richter Lipford

Existing SQL access control mechanisms are extremely limited. Attackers can leak information and escalate their privileges using advanced database features such as views, triggers, and integrity constraints. This is not merely a problem of…

Cryptography and Security · Computer Science 2016-11-18 Marco Guarnieri , Srdjan Marinovic , David Basin

Large Language Models (LLMs) have found widespread applications in various domains, including web applications, where they facilitate human interaction via chatbots with natural language interfaces. Internally, aided by an LLM-integration…

Cryptography and Security · Computer Science 2025-01-29 Rodrigo Pedro , Daniel Castro , Paulo Carreira , Nuno Santos

Sanitizers provide robust test oracles for various software vulnerabilities. Fuzzing on sanitizer-enabled programs has been the best practice to find software bugs. Since sanitizers need to heavily instrument a target program to insert…

Cryptography and Security · Computer Science 2025-02-13 Ziqiao Kong , Shaohua Li , Heqing Huang , Zhendong Su

This paper proposes a novel visual model for web applications security monitoring. Although an automated intrusion detection system can shield a web application from common attacks, it usually cannot detect more complicated break-ins. So, a…

Cryptography and Security · Computer Science 2019-04-09 Tran Tri Dang , Tran Khanh Dang