Detection of SQL Injection Vulnerability in Embedded SQL

Young-Su JANG  

IEICE TRANSACTIONS on Information and Systems   Vol.E103-D   No.5   pp.1173-1176
Publication Date: 2020/05/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2019EDL8143
Type of Manuscript: LETTER
Category: Software System
SQL injection vulnerability,  embedded SQL,  candidate code generation,  

Full Text: PDF(758.5KB)>>
Buy this Article

Embedded SQL inserts SQL statements into the host programming language and executes them at program run time. SQL injection is a known attack technique; however, detection techniques are not introduced in embedded SQL. This paper introduces a technique based on candidate code generation that can detect SQL injection vulnerability in the C/C++ host programming language.