论文信息 - A survey of SQL injection defense mechanisms

A survey of SQL injection defense mechanisms

SQL Injection Attack (SQLIA) is a prevalent method which makes it possible for the attackers to gain direct access to the database and culminates in extracting sensitive information from the firm's database. In this survey, we have presented and analyzed six different SQL Injection prevention techniques which can be used for securing the data storage over the Internet. The survey starts by presenting Variable Normalization and will continue with AMNESIA, Prepared statements, SQL DOM, SQLrand and SQLIA prevention in stored procedures respectively.

Saghar Khadem | Kasra Amirtahmasebi | Seyed Reza Jalalinia

[1] Laurie A. Williams,et al. On automated prepared statement generation to remove SQL injection vulnerabilities , 2009, Inf. Softw. Technol..

[2] Alessandro Orso,et al. AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks , 2005, ASE.

[3] Aske Simon Christensen,et al. Precise Analysis of String Expressions , 2003, SAS.

[4] Jianyi Lin,et al. Computer crime and security survey , 2002 .

[5] Angelos D. Keromytis,et al. SQLrand: Preventing SQL Injection Attacks , 2004, ACNS.

[6] R.A. McClure,et al. SQL DOM: compile time checking of dynamic SQL statements , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[7] Alessandro Orso,et al. A Classification of SQL Injection Attacks and Countermeasures , 2006, ISSSE.

[8] Angelos D. Keromytis,et al. Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.

[9] Suraj C. Kothari,et al. Preventing SQL injection attacks in stored procedures , 2006, Australian Software Engineering Conference (ASWEC'06).