@inproceedings{67d02376c2a245f3967086c37ba2290b,
title = "On the automated verification of web applications with embedded SQL",
abstract = "A large number of web applications is based on a relational database together with a program, typically a script, that enables the user to interact with the database through embedded SQL queries and commands. In this paper, we introduce a method for formal automated verification of such systems which connects database theory to mainstream program analysis. We identify a fragment of SQL which captures the behavior of the queries in our case studies, is algorithmically decidable, and facilitates the construction of weakest preconditions. Thus, we can integrate the analysis of SQL queries into a program analysis tool chain. To this end, we implement a new decision procedure for the SQL fragment that we introduce. We demonstrate practical applicability of our results with three case studies, a web administrator, a simple firewall, and a conference management system.",
keywords = "Decidability, Program verification, Reasoning, SQL, Scripting language, Two-variable fragment of First Order logic, Web services",
author = "Shachar Itzhaky and Tomer Kotek and Noam Rinetzky and Mooly Sagiv and Orr Tamir and Helmut Veith and Florian Zuleger",
note = "Publisher Copyright: {\textcopyright} Shachar Itzhaky, Tomer Kotek, Noam Rinetzky, Mooly Sagiv, Orr Tamir, Helmut Veith, and Florian Zuleger; licensed under Creative Commons License CC-BY 20th International Conference on Database Theory (ICDT 2017).; 20th International Conference on Database Theory, ICDT 2017 ; Conference date: 21-03-2017 Through 24-03-2017",
year = "2017",
month = mar,
day = "1",
doi = "https://doi.org/10.4230/LIPIcs.ICDT.2017.16",
language = "الإنجليزيّة",
series = "Leibniz International Proceedings in Informatics, LIPIcs",
editor = "Giorgio Orsi and Michael Benedikt",
booktitle = "20th International Conference on Database Theory, ICDT 2017",
}