Finding SQL Injection Vulnerabilities in a C# Source Code – Bc. Michal Klein
Bc. Michal Klein
Bachelor's thesis
Finding SQL Injection Vulnerabilities in a C# Source Code
Abstract:
SQL Injection Analyzer is a Roslyn-based static source code analyzer which focuses on finding non-parametric queries in C# source code. The first chapter presents SQL injection, frequency of attacks, real-world examples of attacks and recommended prevention techniques with an emphasis on static application security testing (SAST). The second chapter describes the current state of the art. Then, the …
Language used: English
Date on which the thesis was submitted / produced: 18. 5. 2023
Identifier:
https://is.muni.cz/th/yxg18/
Thesis defence
- Date of defence: 29. 6. 2023
- Supervisor: prof. RNDr. Jiří Barnat, Ph.D.
- Reader: doc. Mgr. Jan Obdržálek, PhD.
Published in Theses:
- to the world
Institution archiving the thesis and making it accessible: Masarykova univerzita, Fakulta informatiky (Masaryk University, Faculty of Informatics)
Bachelor programme / field: Programming and development / Programming and development
Theses on a related topic
- Custom Roslyn Tool for Static Code Analysis, Zuzana Dankovčíková