English
Related papers

Related papers: You shall not pass: Mitigating SQL Injection Attac…

200 papers

Coverage-guided fuzz testing has received significant attention from the research community, with a strong focus on binary applications, greatly disregarding other targets, such as web applications. The importance of the World Wide Web in…

Cryptography and Security · Computer Science 2024-07-02 Sebastian Neef , Lorenz Kleissner , Jean-Pierre Seifert

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole…

Cryptography and Security · Computer Science 2017-05-11 Federico De Meo , Luca Viganò

In this paper, we present a concolic execution technique for detecting SQL injection vulnerabilities in Android apps, with a new tool we called ConsiDroid. We extend the source code of apps with mocking technique, such that the execution of…

Software Engineering · Computer Science 2019-08-09 Ehsan Edalat , Babak Sadeghiyan , Fatemeh Ghassemi

Large language models (LLMs) have shown state-of-the-art results in translating natural language questions into SQL queries (Text-to-SQL), a long-standing challenge within the database community. However, security concerns remain largely…

Cryptography and Security · Computer Science 2025-09-09 Meiyu Lin , Haichuan Zhang , Jiale Lao , Renyuan Li , Yuanchun Zhou , Carl Yang , Yang Cao , Mingjie Tang

The Semantic Web (SW) is a significant advancement in the field of Internet technologies and an uncharted territory as far as security is concerned. In this paper we investigate and assess the impact of known attacks of SPARQL/SPARUL…

Cryptography and Security · Computer Science 2017-01-27 Fatmah Bamashmoos , Ian Holyer , Theo Tryfonas , Przemyslaw Woznowski

Large Language Models (LLMs) are susceptible to jailbreak attacks that can induce them to generate harmful content. Previous jailbreak methods primarily exploited the internal properties or capabilities of LLMs, such as optimization-based…

Cryptography and Security · Computer Science 2025-05-22 Jiawei Zhao , Kejiang Chen , Weiming Zhang , Nenghai Yu

Although it has been demonstrated that Natural Language Processing (NLP) algorithms are vulnerable to deliberate attacks, the question of whether such weaknesses can lead to software security threats is under-explored. To bridge this gap,…

Computation and Language · Computer Science 2024-05-14 Xutan Peng , Yipeng Zhang , Jingfeng Yang , Mark Stevenson

The latest advancements in large language models (LLMs) have sparked interest in their potential for software vulnerability detection. However, there is currently a lack of research specifically focused on vulnerabilities in the PHP…

Cryptography and Security · Computer Science 2024-10-11 Di Cao , Yong Liao , Xiuwei Shang

As the first defensive layer that attacks would hit, the web application firewall (WAF) plays an indispensable role in defending against malicious web attacks like SQL injection (SQLi). With the development of cloud computing,…

Cryptography and Security · Computer Science 2024-01-10 Zhenqing Qu , Xiang Ling , Ting Wang , Xiang Chen , Shouling Ji , Chunming Wu

The popularity of content management software (CMS) is growing vastly to the web developers and the business people because of its capacity for easy accessibility, manageability and usability of the distributed website contents. As per the…

Cryptography and Security · Computer Science 2017-11-08 Md. Maruf Hassan , Kaushik Sarker , Saikat Biswas , Md. Hasan Sharif

Integrity and security of the data in database systems are typically maintained with access control policies and firewalls. However, insider attacks -- where someone with an intimate knowledge of the system and administrative privileges…

Databases · Computer Science 2019-02-19 Shubham S. Srivastava , Medha Atre , Shubham Sharma , Rahul Gupta , Sandeep K. Shukla

Modern web applications serve large amounts of sensitive user data, access to which is typically governed by data-access policies. Enforcing such policies is crucial to preventing improper data access, and prior work has proposed many…

Databases · Computer Science 2022-06-02 Wen Zhang , Eric Sheng , Michael Chang , Aurojit Panda , Mooly Sagiv , Scott Shenker

The emergence of database-as-a-service platforms has made deploying database applications easier than before. Now, developers can quickly create scalable applications. However, designing performant, maintainable, and accurate applications…

Databases · Computer Science 2020-04-23 Visweswara Sai Prashanth Dintyala , Arpit Narechania , Joy Arulraj

With web applications becoming a preferred method of presenting graphical user interfaces to users, software vulnerabilities affecting web applications are becoming more and more prevalent and devastating. Some of these vulnerabilities,…

Cryptography and Security · Computer Science 2019-08-14 Michael Flanders

In this paper, we propose a formalization of the process of exploitation of SQL injection vulnerabilities. We consider a simplification of the dynamics of SQL injection attacks by casting this problem as a security capture-the-flag…

Cryptography and Security · Computer Science 2021-05-25 Laszlo Erdodi , Åvald Åslaugson Sommervoll , Fabio Massimo Zennaro

Over the past decades, the web is always one of the most popular targets of hackers. Today, along with the popular usage of open sources such as Wordpress and Joomla, the explosion of the vulnerabilities in such frameworks causes the…

Cryptography and Security · Computer Science 2019-03-15 Van-Linh Nguyen , Po-Ching Lin , Ren-Hung Hwang

Traditional database fuzzing techniques primarily focus on syntactic correctness and general SQL structures, leaving critical yet obscure DBMS features, such as system-level modes (e.g., GTID), programmatic constructs (e.g., PROCEDURE),…

Databases · Computer Science 2026-03-24 Yongxin Chen , Zhiyuan Jiang , Chao Zhang , Haoran Xu , Shenglin Xu , Jianping Tang , Zheming Li , Peidai Xie , Yongjun Wang

We use browsers daily to access all sorts of information. Because browsers routinely process scripts, media, and executable code from unknown sources, they form a critical security boundary between users and adversaries. A common attack…

Cryptography and Security · Computer Science 2025-09-11 Nils Bars , Lukas Bernhard , Moritz Schloegel , Thorsten Holz

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

Large language model (LLM) services have recently begun offering a plugin ecosystem to interact with third-party API services. This innovation enhances the capabilities of LLMs, but it also introduces risks, as these plugins developed by…

Cryptography and Security · Computer Science 2024-04-29 Wanru Zhao , Vidit Khazanchi , Haodi Xing , Xuanli He , Qiongkai Xu , Nicholas Donald Lane