Difficult SQLi Code Patterns for Static Code Analysis Tools

We compared vulnerable and fixed versions of the source code of 50 different PHP open source projects, selected on the basis of CVE reports for SQL injection vulnerabilities. We scanned the source code with commercial and open source tools for static code analysis. Our results show that five current state-of-the-art tools have issues correctly marking both vulnerable and safe code. We identify 25 code patterns that are not detected as a vulnerability by at least one of the tools, and 6 code patterns that are reported as a vulnerability but cannot be confirmed as one by manual code inspection. Knowledge of these patterns could help vendors of static code analysis tools, and software developers could be instructed to avoid patterns that confuse automated tools.
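The abstract names the two failure modes (missed vulnerabilities and unconfirmable reports) but the page does not list the 25 patterns themselves. The following is an added illustration, not code from the paper or from any of the 50 projects, of the general shape of a miss: a PHP data flow in which user input reaches SQL only after passing through an array and a generic formatting helper, so a tool that stops tracking taint at the first hop reports nothing, placed beside the prepared-statement fix. It assumes PHP with the pdo_sqlite extension; the table and rows are constructed inline so it runs offline.

```php
<?php
// Added example (not from the paper): an indirect SQL injection data flow
// beside its prepared-statement fix, run against an in-memory SQLite database.
// Assumes PHP with pdo_sqlite; the users table and its rows are constructed here.

declare(strict_types=1);

function buildDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
    $pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");
    return $pdo;
}

// Vulnerable: the untrusted value is copied into an options array, handed to a
// generic formatter, and only then concatenated into SQL. Each hop looks harmless
// on its own; a taint tracker has to follow the value across all of them.
function formatFilter(array $opts): string {
    $clauses = [];
    foreach ($opts as $column => $value) {
        $clauses[] = sprintf("%s = '%s'", $column, $value);  // no escaping, no quoting
    }
    return implode(' AND ', $clauses);
}

function vulnerableLookup(PDO $pdo, string $name): array {
    $opts = ['name' => $name];                              // taint enters an array
    $sql  = 'SELECT name, role FROM users WHERE ' . formatFilter($opts);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);   // sink: raw query string
}

// Fixed: the column name stays a developer-controlled literal and the value is
// bound as a parameter, so it can never alter the statement's structure.
function fixedLookup(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo     = buildDb();
$payload = "' OR '1'='1";   // classic tautology payload (constructed input)

// The tautology turns the WHERE clause into a condition that is true for every
// row, so the vulnerable path returns the whole table; the fixed path looks for
// a user whose literal name is the payload string and finds none.
printf("vulnerable: %d row(s) returned for payload\n", count(vulnerableLookup($pdo, $payload)));
printf("fixed:      %d row(s) returned for payload\n", count(fixedLookup($pdo, $payload)));
printf("fixed, legitimate input: %s\n", json_encode(fixedLookup($pdo, 'alice')));
```

Whether a given analyzer follows the flow through `$opts` and `formatFilter()` is tool-specific, and the page does not say which of the five tools missed which pattern; the point of the example is that the flaw sits in the data flow, not in any single line, which is exactly what makes such patterns hard to flag statically and easy to fix by binding parameters.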

Metadata
Author:Felix Schuckert, Basel Katt, Hanno Langweg
URL:https://ojs.bibsys.no/index.php/NIK/article/view/892/753
Parent Title (English):NISK 2020 - Proceedings of the 13th Norwegian Information Security Conference, Nov. 24-25, 2020, virtual (NISK Norsk informasjonssikkerhetskonferanse ; No.3, 2020)
Publisher:Open Journal Systems
Document Type:Conference Proceeding
Language:English
Year of Publication:2021
Release Date:2021/01/18
Page Number:16
Institutes:Fakultät Informatik
Open Access?:Yes
Relevance:Peer reviewed according to other listings (with evidence of the peer review procedure)