Syntactic Prevention of Command Injection Attacks in Web Applications
Dr. Zhendong Su
University of California, Davis


Web applications contain many critical faults and are susceptible to serious failures and security threats. In this talk, I will describe our recent work on a runtime checking technique for the class of SQL injection attacks on web applications. Our technique is based on a novel syntactic characterization of SQL injection attacks, and a sound and complete algorithm for detecting such attacks.
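The abstract describes the core idea only at a high level: track each untrusted substring through query construction and then decide, syntactically, whether it ended up as a complete syntactic form of the generated query rather than being able to change the query's structure. The following Python block is an added illustration of that idea and is not the POPL'06 SQLCHECK implementation or its grammar. It makes several simplifying assumptions: user input is delimited with two sentinel characters (`\x01`/`\x02`) that are stripped from the input itself; the query is tokenized with a small hand-written lexer for a SQL subset instead of parsed against a full grammar; and the acceptance criterion is reduced to "the user substring lies entirely inside a single string or numeric literal token". The function names (`mark`, `check_query`, `build_lookup`, `build_by_id`) and the sample queries are constructed for this example.

```python
"""Simplified runtime check in the spirit of a syntactic characterization of
SQL injection: user input is marked during query construction, and the final
query passes only if each marked substring sits inside one literal token.
Added example; not the paper's implementation (see lead-in for assumptions)."""
import re

# Assumption: sentinel characters used to delimit untrusted input while the
# query is being built. They are removed from the input itself so an input
# cannot forge or close a marked region.
LMARK, RMARK = "\x01", "\x02"


def mark(user_input: str) -> str:
    """Wrap an untrusted value in sentinels (after removing any it contains)."""
    cleaned = user_input.replace(LMARK, "").replace(RMARK, "")
    return LMARK + cleaned + RMARK


# Toy lexer for a SQL subset: string literals with '' escaping, integers,
# '--' line comments, identifiers/keywords, and a few operators.
TOKEN_RE = re.compile(
    r"""
      (?P<ws>\s+)
    | (?P<string>'(?:[^']|'')*')
    | (?P<number>\d+)
    | (?P<comment>--[^\n]*)
    | (?P<ident>[A-Za-z_][A-Za-z_0-9]*)
    | (?P<op>[=<>!]+|[(),;*])
    """,
    re.VERBOSE,
)

LITERAL_KINDS = {"string", "number"}


def strip_marks(marked: str):
    """Return the plain query and the (start, end) span of each user substring
    expressed as offsets into the plain query."""
    plain, spans, pos, start = [], [], 0, None
    for ch in marked:
        if ch == LMARK:
            start = pos
        elif ch == RMARK:
            if start is None:
                raise ValueError("unbalanced sentinel in query")
            spans.append((start, pos))
            start = None
        else:
            plain.append(ch)
            pos += 1
    return "".join(plain), spans


def tokenize(sql: str):
    """Lex the plain query into (kind, start, end) tuples, skipping whitespace."""
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if not m:
            raise ValueError(f"unrecognised SQL at offset {pos}: {sql[pos:pos + 10]!r}")
        if m.lastgroup != "ws":
            tokens.append((m.lastgroup, m.start(), m.end()))
        pos = m.end()
    return tokens


def check_query(marked_sql: str):
    """Return (is_safe, reason). The query is accepted only if every user
    substring is contained in exactly one token and that token is a literal;
    a substring that crosses a token boundary changed the query's structure."""
    plain, spans = strip_marks(marked_sql)
    try:
        tokens = tokenize(plain)
    except ValueError as exc:
        return False, f"lexical error: {exc}"
    for s, e in spans:
        holders = [t for t in tokens if t[1] <= s and e <= t[2]]
        if not holders:
            return False, f"user input {plain[s:e]!r} spans a token boundary"
        kind = holders[0][0]
        if kind not in LITERAL_KINDS:
            return False, f"user input {plain[s:e]!r} lands in a {kind} token"
    return True, "every user substring is a complete literal"


# Constructed sample query builders, written the way a vulnerable application
# would concatenate input, but with the input marked.
def build_lookup(username: str) -> str:
    return "SELECT id FROM users WHERE name = '" + mark(username) + "'"


def build_by_id(id_text: str) -> str:
    return "SELECT id FROM users WHERE id = " + mark(id_text)


if __name__ == "__main__":
    for q in (build_lookup("alice"), build_lookup("O''Brien"),
              build_lookup("' OR '1'='1"), build_lookup("admin'--"),
              build_by_id("42"), build_by_id("42 OR 1=1")):
        print(check_query(q))
```

The check is deliberately independent of how (or whether) the application escaped the input: an apostrophe the application doubled correctly stays inside one string token and passes, while any input that closes the literal, opens a comment, or adds operators crosses a token boundary and is rejected before the query reaches the database. The full technique in the paper generalizes this single-token criterion to a parse-tree condition over the whole SQL grammar.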

A paper describing this work has appeared in POPL'06:


Zhendong Su received the Ph.D. degree in Computer Science from the University of California at Berkeley in December 2002. He was a Visiting Fellow at NASA Ames Research Center from September 2002 to December 2002 before joining the Computer Science department at the University of California, Davis as an assistant professor in 2003. He is the recipient of a Best Paper Award from the European Association for Programming Languages and Systems (1998), an ACM SIGSOFT Distinguished Paper Award (2004), and an NSF CAREER Award (2006).