The SQL Injection Vulnerability Detection of the Web Application

Abstract:

SQL injection is one of the common security vulnerabilities of Web applications. This paper studies how to find possible SQL injection vulnerabilities. The scheme it puts forward is based on black-box testing. The main steps are, first, to construct specific user input during the test period of the Web application system and inject it into the application system, and then to produce the vulnerability detection report from an analysis of the test logs.

Info:

Pages: 1457-1461

Online since: September 2012

Copyright: © 2012 Trans Tech Publications Ltd. All Rights Reserved
