Method to Detect SQL Injection Attacks for Complex Network Environment


Abstract:

SQL injection has become a serious security risk among the attacks against Web applications. A SQL injection attack allows an attacker to access the underlying database without restriction and, furthermore, to retrieve the confidential information of the corporation and the network user. We found that most existing research is able to detect most of the attacks, but does not consider the complexity involved in using the defense system or the eventual cost of modifying the original program. For this reason, we conduct in-depth research on SQL injection and defense. The method requires no modification of the web application code, can be adapted to different usage scenarios involving different operating systems and server applications, and is able to detect all the known injection points for the test application.

Info:

Pages: 841-845

Online since: January 2013

Copyright: © 2013 Trans Tech Publications Ltd. All Rights Reserved
