2011 | OriginalPaper | Chapter
XIVD: Runtime Detection of XPath Injection Vulnerabilities in XML Databases through Aspect Oriented Programming
Authors: Velu Shanmughaneethi, Ra. Yagna Pravin, S. Swamynathan
Published in: Advances in Computing and Information Technology
Publisher: Springer Berlin Heidelberg
With the growing acceptance of XML technologies for documents and protocols, it is logical that security should be integrated with XML solutions. In a web application, improper user input is the root cause of a wide variety of attacks. The XML Path (XPath) language is used for querying information from the nodes of an XML document. XPath injection is an attack technique used to exploit applications that construct XPath queries from user-supplied input to query or navigate XML documents, much as SQL is used to query databases. Hence, we propose an approach to detect XPath injection attacks in XML databases at runtime through Aspect Oriented Programming (AOP). Our approach intercepts the XPath expression (i.e., the XQuery) from the web application through AOP and parses the XQuery expression to find the inputs to be placed in the expression. The identified inputs are used to build an XML file, which is then validated against a proposed schema. The validation result indicates the correctness of the XQuery.
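The flow described in the abstract (intercept the query, identify its inputs, wrap them in XML, validate, then run) can be illustrated in Python; this is an added example, not the authors' XIVD implementation. Assumptions: a decorator stands in for the AOP advice, per-element regular expressions stand in for the proposed schema, and all names (`xpath_guard`, `INPUT_SCHEMA`, `find_roles`, `LOGIN`) and data are constructed.

```python
import re
import string
import xml.etree.ElementTree as ET
from functools import wraps

# Constructed sample data standing in for the XML database.
USERS = ET.fromstring(
    "<users><user><username>alice</username><password>s3cret</password><role>admin</role></user>"
    "<user><username>bob</username><password>hunter2</password><role>guest</role></user></users>")

# Assumption: per-element patterns stand in for the schema (like xs:pattern facets).
INPUT_SCHEMA = {
    "username": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
    "password": re.compile(r"[A-Za-z0-9!@#$%^&*_.-]{1,64}"),
}

class XPathInjectionDetected(ValueError):
    """Raised when an input fails validation before the query runs."""

def build_input_document(template, values):
    """Parse the query template for its input slots; wrap the values in XML."""
    root = ET.Element("inputs")
    for _, field, _, _ in string.Formatter().parse(template):
        if field:
            ET.SubElement(root, field).text = str(values[field])
    return root

def validate_input_document(doc):
    """Return the input elements that are undeclared or break their pattern."""
    return [el.tag for el in doc
            if el.tag not in INPUT_SCHEMA
            or not INPUT_SCHEMA[el.tag].fullmatch(el.text or "")]

def xpath_guard(query_fn):
    """Decorator standing in for AOP 'around' advice on the query call."""
    @wraps(query_fn)
    def advice(template, **values):
        bad = validate_input_document(build_input_document(template, values))
        if bad:
            raise XPathInjectionDetected(f"rejected inputs: {bad}")
        return query_fn(template, **values)
    return advice

@xpath_guard
def find_roles(template, **values):
    # Naive string-built query, the pattern the detection is meant to protect.
    return [u.findtext("role") for u in USERS.findall(template.format(**values))]

LOGIN = ".//user[username='{username}'][password='{password}']"
```

The query function itself is unchanged by the guard, which is the property the AOP approach relies on: the check is woven around existing calls rather than written into them.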