300 word summary:
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks.
Provides a valuable background section on the countermeasures for SQL injection attacks:
Defensive Programming
General Techniques against SQLi
Static Analysis techniques
Provides examples of SQL injection attacks, with sql code.
Provides a definition of an sql injection attack:
“An SQL Injection Attack (SQLIA) occurs when an attacker attempts to change the logic, semantics or syntax of a legitimate SQL statement by inserting new SQL keywords or operators into the statement.”
Provides a blueprint for their implementation:
Identify hotspots: Scan the application code to identify hotspots — points in the application code that issue SQL queries to the underlying database.
Build SQL-query models: For each hotspot, build a model that represents all the possible SQL queries that may be generated at that hotspot. A SQL-query model is a non-deterministic finite-state automaton in which the transition labels consist of SQL tokens (SQL keywords and operators), delimiters, and place holders for string values.
Instrument Application: At each hotspot in the application, add calls to the runtime monitor.
Run-time monitoring: At runtime, check the dynamically-generated queries against the SQL-query model and reject and report queries that violate the model.
What is the paper about?
A new technique to detect sql injection
Who is the intended audience?
Professionals / Researchers
Is title/abstract accurate
Yes, its the name of their implementation
Is the big ‘point’ of the work clear?
Is there an original/significant contribution to knowledge
Yes, they have a theory and implementation for a new type of SQLi detection
Is this an extension to previous work?
Yes, it lists the previous methods, their weaknesses, and gives a new method
Are aims and objectives clearly stated?
Technical aspects of critique
Has proper attention been given to the current literature
Yes, it has an excellent ‘Background information section’
Are ideas/arguments technically correct?
Is empirical evidence provided?
yes, they have an experiment comparing their tool with others tools and the results
Is there a balanced presentation of the literature?
Yes, they have lots of very good information
Is the research design/methodology clearly stated?
Yes, with a big section on the theory behind it
Has any sampling involved been carefully and thoughtfully selected?
yes, they list other methods, and implementations of those methods, and they test them and compare with results of their own method and implementation
Is it representative? Is it likely to bias the research?
Have any ethical issues been clearly identified and handled correctly?
Has the data collection method clearly stated?
yes, excellent experiment section
Was there a pilot study to check proposed approach?
Is the data collection method valid and reliable?
yes, its a repeatable experiment
What is the method of analysis? Clearly described and reliable?
experiment comparison between their implementation/method and other methods/implelmentations
Are results clearly presented?
yes, in tables
Are all hypotheses and any assumptions clearly stated at the outset?
yes, they have a very good theoretical section
IS the paper well structured? Can you follow the arguments? Is there a good flow through the paper i.e. Is there a ‘story’?
yes, and its full of very useful information, this is going to be heavily used in my paper
Are technical terms/abbreviations explained?
yes, very clearly
Are tables/graphs/diagrams easy to follow and clearly signposted?
Do they aid understanding?
Is the discussion well balanced? – Not front/top heavy
its pretty heavy on theory and background
Are conclusions well supported by arguments/results presented in the paper
Is the work well ‘joined-up’?
yes, it flows well from background to current theory, to their theory, to comparison and conculsion
Do the authors recognise potential areas of weakness in their work?
yes, its very precise and expensive (resource-wise) also, its only for java apps
How up-to-date is the work – are references current and representative of the field?
upto 2005, so pretty new