Title: Superglobals Sanitization against SQL injection and XSS
Authors: Osman Elnour Sulieman
Mohammed Hassan Ahmed
Prof. Elsamani A. talab
Prof. Awad Alkarim Mohammed Yousif
Issue Date: 2016
Publisher: Al-Neelain University - Faculty of Graduate Studies
Abstract: SQL injection attacks exploit insufficient validation of input data to trick PHP applications into executing unintended queries, which lets attackers bypass login screens and read, update, alter, create, or even delete sensitive data stored in the backend database. Cross-site scripting (XSS) exploits the same weakness to access sensitive page contents, session cookies, and a variety of other information the browser retains on behalf of the user. This problem can be addressed by static source code analysis that detects taintable points in the code before the application is deployed on the web. In this paper, we present a novel technique that reads a PHP source file line by line and uses regular expressions to precisely locate the superglobals that hold form parameters, request details, cookies, and session information, and then automatically inserts a user-defined function, named sanitizer, into the source code. The sanitizer receives the superglobal values and sanitizes them against SQL injection and XSS. We implemented our approach in a simple tool called SQL Injection-XSS Sanitizer. Our results show that the tool protects PHP applications against untrusted input data with a high success rate.
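As an added, runnable illustration of the line-by-line, regex-driven rewriting the abstract describes (this is example code written for this page, not the authors' SQL Injection-XSS Sanitizer tool; the function names rewrite_php and sanitizer, the skip rules, the injected PHP sanitizer body and the sample PHP input are all assumptions), the following Python script finds superglobal accesses in a PHP file, wraps each read in a sanitizer() call, and prepends the sanitizer definition. It also handles the cases a naive regex substitution gets wrong: an access that is the target of an assignment, an access inside isset()/unset(), an access that is already wrapped, and an access interpolated inside a string literal, which it flags for manual review instead of rewriting.

```python
"""Regex-based superglobal rewriter in the spirit of the abstract's approach.
Example code added to this page; not the authors' tool."""
import re
from collections import namedtuple

# Assumed name for the injected wrapper function (not taken from the paper).
SANITIZER_NAME = "sanitizer"

# The superglobals the abstract names: form parameters, request details,
# cookies and session data.
SUPERGLOBALS = ("_GET", "_POST", "_REQUEST", "_COOKIE", "_SESSION", "_SERVER")

# One element access: $_GET['id'], $_POST["name"], $_COOKIE[$k], $_GET[id].
ACCESS_RE = re.compile(r"\$(?:" + "|".join(SUPERGLOBALS) + r")\[[^\[\]\n]+\]")

# Text ending just before an access that must NOT be wrapped: an existing
# wrapper call, or isset()/unset(), which take a variable and reject a call.
SKIP_BEFORE_RE = re.compile(r"\b(?:" + SANITIZER_NAME + r"|isset|unset)\(\s*$")

# Text starting just after an access that makes it an assignment target
# ($_SESSION['u'] = ..., $_SESSION['u'] .= ...); == and === are comparisons
# and => is an array key separator, so those are excluded.
ASSIGN_AFTER_RE = re.compile(r"^\s*[-+.*/%]?=(?![=>])")

TaintPoint = namedtuple("TaintPoint", "line access action")

# PHP prepended to the rewritten file. addslashes() stands in for a driver
# escape function so the example needs no database connection.
SANITIZER_PHP = f"""<?php
// Inserted by the rewriter: every superglobal read passes through here.
function {SANITIZER_NAME}($value) {{
    if (is_array($value)) {{
        return array_map('{SANITIZER_NAME}', $value);
    }}
    // Escape quotes that would close a SQL string literal, then encode the
    // characters that start HTML markup when the value is echoed back.
    return htmlspecialchars(addslashes($value), ENT_QUOTES, 'UTF-8');
}}
?>
"""


def _inside_string(prefix):
    """Heuristic scan of a line prefix: does it end inside a PHP string literal?
    Wrapping an access interpolated in a string would emit literal text."""
    quote = None
    i = 0
    while i < len(prefix):
        c = prefix[i]
        if quote:
            if c == "\\":
                i += 1  # skip the escaped character
            elif c == quote:
                quote = None
        elif c in "'\"":
            quote = c
        i += 1
    return quote is not None


def rewrite_php(source):
    """Return (rewritten source, list of TaintPoint) for one PHP file."""
    points = []
    out = []
    for lineno, line in enumerate(source.splitlines(), 1):
        def wrap(m):
            access = m.group(0)
            before, after = m.string[:m.start()], m.string[m.end():]
            if _inside_string(before):
                action = "manual-string-interpolation"
            elif SKIP_BEFORE_RE.search(before):
                already = before.rstrip().endswith(SANITIZER_NAME + "(")
                action = "skip-already-wrapped" if already else "skip-isset-unset"
            elif ASSIGN_AFTER_RE.match(after):
                action = "skip-assignment-target"
            else:
                action = "wrapped"
            points.append(TaintPoint(lineno, access, action))
            return f"{SANITIZER_NAME}({access})" if action == "wrapped" else access
        out.append(ACCESS_RE.sub(wrap, line))
    rewritten = "\n".join(out) + ("\n" if source.endswith("\n") else "")
    # Inject the definition once; re-running the tool leaves the file unchanged.
    if not re.search(r"\bfunction\s+" + SANITIZER_NAME + r"\s*\(", rewritten):
        rewritten = SANITIZER_PHP + rewritten
    return rewritten, points


# Constructed sample input covering the cases the rewriter must tell apart.
SAMPLE_PHP = """<?php
session_start();
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = '" . $_POST["id"] . "'";
if (isset($_COOKIE['lang'])) { $lang = $_COOKIE['lang']; }
$_SESSION['user'] = $_POST['user'];
$q = "SELECT * FROM t WHERE name = '$_REQUEST[name]'";
echo "Hello " . sanitizer($_REQUEST['name']);
"""

if __name__ == "__main__":
    new_source, found = rewrite_php(SAMPLE_PHP)
    for p in found:
        print(f"line {p.line}: {p.access} -> {p.action}")
    print(new_source)
```

Two caveats a practitioner should keep in mind when applying a rewriter of this kind. First, a regular expression does not see PHP syntax: the string-interpolation check above is a heuristic, heredocs and multi-line constructs are not covered, and anything flagged manual-string-interpolation still has to be fixed by hand. Second, escaping every value at the point where it is read is a coarse defence: a value that later goes into a prepared statement or a non-HTML sink (a file name, a header, a JSON body) gets the wrong encoding, so parameterised queries and output encoding chosen for the actual sink remain the primary controls, with a tool like this acting as a safety net for legacy code.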
Appears in Collections:Journal of Graduate Studies - VOL - 12

Files in This Item:
File: Superglobals Sanitization against SQL injection and XSS 2.pdf (514.25 kB, Adobe PDF)
