SDriver/XPath Download

Preventing XPath injection attacks with a secure library

SDriver/XPath

Using XML documents instead of relational databases makes web applications vulnerable to XPath injection attacks, because the XPath language is loosely typed. SDriver/XPath is a library that acts as a plug-in to the JDK's XML implementation. To detect an attack, the driver uses stripped-down XPath queries and stack traces to create SQL statement signatures, which it then uses to distinguish between injected and legitimate queries. The driver depends on neither the application nor the XML schema and can be easily retrofitted to any system. For more details, see the corresponding publication.
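The signature idea described above, as an added sketch that is not SDriver/XPath's own code: a query is reduced to its structure, combined with the calling stack, hashed, and compared against signatures recorded during a training run. The class and method names, the literal-stripping regexes, the SHA-256 choice and the sample inputs are all assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;

public class XPathSignatureDemo {
    private static final Set<String> known = new HashSet<>();
    private static boolean training = true;

    // Replace string and numeric literals with '?' so only the query structure remains.
    static String strip(String query) {
        return query.replaceAll("'[^']*'|\"[^\"]*\"", "?")
                    .replaceAll("\\b\\d+(\\.\\d+)?\\b", "?");
    }

    // Signature: hash of the stripped query plus the class.method of every stack frame.
    static String signature(String query) throws Exception {
        StringBuilder sb = new StringBuilder(strip(query));
        for (StackTraceElement f : new Throwable().getStackTrace()) {
            sb.append('|').append(f.getClassName()).append('.').append(f.getMethodName());
        }
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(sb.toString().getBytes(StandardCharsets.UTF_8));
        return new BigInteger(1, digest).toString(16);
    }

    // Training mode records signatures; afterwards only recorded signatures pass.
    static boolean allowed(String query) throws Exception {
        String sig = signature(query);
        if (training) { known.add(sig); return true; }
        return known.contains(sig);
    }

    // Hypothetical call site that concatenates user input into the query.
    static boolean lookup(String name, String pass) throws Exception {
        return allowed("//user[name='" + name + "' and password='" + pass + "']");
    }

    public static void main(String[] args) throws Exception {
        lookup("alice", "s3cret");               // training run, constructed legitimate input
        training = false;
        System.out.println("legitimate accepted: " + lookup("bob", "hunter2"));
        System.out.println("injected accepted:   " + lookup("' or '1'='1", "x"));
    }
}
```

The second production call adds an extra comparison to the predicate, so its stripped form differs from the one seen in training and its signature is not in the recorded set, even though the call site is identical.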

Download

  • Source