Many secure software development methods and tools are well known and understood. Still, the same software security vulnerabilities keep occurring. To find out whether new source code patterns have evolved or the same patterns keep recurring, we investigate SQL injections in PHP open source projects. SQL injections are well known and a core part of software security education. For each common component of an SQL injection, the source code patterns are analysed. Examples are pointed out showing that developers had software security in mind but nevertheless created vulnerabilities. A comparison with earlier work shows that some categories are not found as often as expected. Our main contribution is the categorization of source code patterns.