Title
An empirical analysis of input validation mechanisms in web applications and languages
Abstract
Web applications have become an integral part of the daily lives of millions of users. Unfortunately, web applications are also frequently targeted by attackers, and attacks such as XSS and SQL injection are still common. In this paper, we present an empirical study of more than 7000 input validation vulnerabilities with the aim of gaining deeper insights into how these common web vulnerabilities can be prevented. In particular, we focus on the relationship between the specific programming language used to develop web applications and the vulnerabilities that are commonly reported. Our findings suggest that most SQL injection and a significant number of XSS vulnerabilities can be prevented using straightforward validation mechanisms based on common data types. We elaborate on these common data types, and discuss how support could be provided in web application frameworks.
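The abstract's central claim is that binding each request parameter to a common data type (integer, enumeration, boolean, date) stops most of the SQL injection payloads and many of the XSS payloads the study counted, because the malicious value never matches the declared type. The following is an added illustration of that idea and is not code from the paper or from any framework the paper discusses; the parameter names, the schema format, the products table and the sample requests are all constructed for this example. It contrasts a lookup that concatenates a raw id into SQL with one that type-checks the id first and then binds it, and shows why a free-text parameter cannot be typed away and must instead be escaped at the HTML sink.

```python
"""Type-based validation of web request parameters (added example).

Each parameter is declared with one common data type; anything that does
not parse as that type is rejected before it can reach a query or a page.
Schema, parameter names and sample data are constructed for illustration
and are not the paper's or any framework's API.
"""
import html
import re
import sqlite3
from datetime import date

# Constructed schema: parameter name -> declared data type.
SCHEMA = {
    "id":    "int",
    "sort":  ("enum", ("name", "price")),
    "show":  "bool",
    "since": "date",
    "q":     "text",   # free text cannot be typed; it is escaped at the sink
}

class ValidationError(ValueError):
    pass

_BOOL = {"true": True, "false": False, "1": True, "0": False}

def validate(schema, params):
    """Return typed values for params, or raise ValidationError.

    Unknown parameters are rejected so nothing bypasses the schema; missing
    parameters are simply absent from the result.
    """
    out = {}
    for name, raw in params.items():
        if name not in schema:
            raise ValidationError(f"unexpected parameter {name!r}")
        kind = schema[name]
        if kind == "int":
            # Whole decimal integer only: '1 OR 1=1' or '1; DROP TABLE' fail here.
            if not re.fullmatch(r"-?\d{1,18}", raw):
                raise ValidationError(f"{name}: not an integer")
            out[name] = int(raw)
        elif isinstance(kind, tuple) and kind[0] == "enum":
            if raw not in kind[1]:
                raise ValidationError(f"{name}: not one of {kind[1]}")
            out[name] = raw
        elif kind == "bool":
            if raw.lower() not in _BOOL:
                raise ValidationError(f"{name}: not a boolean")
            out[name] = _BOOL[raw.lower()]
        elif kind == "date":
            try:
                out[name] = date.fromisoformat(raw)
            except ValueError:
                raise ValidationError(f"{name}: not an ISO date") from None
        elif kind == "text":
            out[name] = raw
        else:
            raise ValidationError(f"{name}: unknown type {kind!r}")
    return out

def setup_db():
    """Constructed in-memory table standing in for an application database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'pen', 1.5), (2, 'book', 12.0);
    """)
    return db

def lookup_unvalidated(db, params):
    """Vulnerable pattern: the raw id is concatenated into the SQL text."""
    return db.execute("SELECT name FROM products WHERE id = " + params["id"]).fetchall()

def lookup_validated(db, params):
    """Hardened: the id must parse as an integer, then it is bound as a parameter."""
    typed = validate(SCHEMA, params)
    return db.execute("SELECT name FROM products WHERE id = ?", (typed["id"],)).fetchall()

def render_search(params):
    """Free-text q passes type validation unchanged, so escape it at the HTML sink."""
    typed = validate(SCHEMA, params)
    return "<p>Results for " + html.escape(typed.get("q", "")) + "</p>"

if __name__ == "__main__":
    # Constructed request: the classic numeric-parameter injection.
    attack = {"id": "1 OR 1=1"}
    print(lookup_unvalidated(setup_db(), attack))   # every row leaks
    try:
        lookup_validated(setup_db(), attack)
    except ValidationError as e:
        print("rejected:", e)
    print(render_search({"q": "<script>alert(1)</script>"}))
```

The integer, enum, boolean and date cases are where type-based validation does all the work: the attacker's string simply fails to parse, and no escaping or query-specific knowledge is needed. The text case is the caveat the abstract's "significant number of XSS" wording implies: a parameter that legitimately carries free text cannot be constrained by type, so it still needs output encoding (and parameterised queries) at the sink.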
Year
2012
DOI
10.1145/2245276.2232004
Venue
SAC
Keywords
deeper insight, straightforward validation mechanism, input validation mechanism, web application framework, empirical analysis, input validation vulnerability, common data type, daily life, sql injection, common web vulnerability, web application, xss vulnerability, input validation, programming language, security, data type, empirical study
Field
Web development, World Wide Web, Computer science, Web modeling, Web application security, Cross-site scripting, Web application, Web service, Secure coding, SQL injection
DocType
Conference
Citations
6
PageRank
0.49
References
18
Authors
4
Name, Order, Citations, PageRank (the citation and PageRank figures are run together in the source)
Theodoor Scholte, 1, 26210.67
William Robertson, 2, 1762123.11
Davide Balzarotti, 3, 2040113.64
Engin Kirda, 4, 5386334.12