For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Detection of SQL Injection Vulnerability in Embedded SQL
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2020/05/01
Online ISSN: 1745-1361
Type of Manuscript: LETTER
Category: Software System
SQL injection vulnerability, embedded SQL, candidate code generation,
Full Text: PDF(758.5KB)>>
Embedded SQL inserts SQL statements into the host programming language and executes them at program run time. SQL injection is a known attack technique; however, detection techniques are not introduced in embedded SQL. This paper introduces a technique based on candidate code generation that can detect SQL injection vulnerability in the C/C++ host programming language.