CANDID: Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations
ACM Conference on Computer and Communications Security, pp. 12-24, 2007.
SQL injection attacks are one of the topmost threats for applications written for the Web. These attacks are launched through specially crafted user input on web applications that use low-level string operations to construct SQL queries. In this work, we exhibit a novel and powerful scheme for automatically transforming web applications t...