Design of SQL Injection Filtering Module Based on Regular Expression
Abstract: This paper studies SQL injection attacks and their grammatical features, constructs regular expressions for these attacks, and designs a SQL injection filter module inside the Web server based on filter rules expressed as regular expressions. The module checks each HTTP request for injection attacks before it is submitted to the system module. Test results show that, compared with filtering based on pure keywords, filtering based on regular expressions has a higher recognition rate and a lower false positive rate. A Web server loaded with the filtering module can defend against SQL injection attacks effectively, and the service delay is smaller.

Key words: SQL injection; regular expression; server defense
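The contrast the abstract draws between keyword filtering and regular-expression filtering, as an added example that is not taken from the paper: the keyword list, the four regex rules and the sample request values are all constructed here for illustration, and the paper's own rules are not shown on this page.

```python
import re

# Baseline: pure keyword matching (constructed list, not the paper's).
KEYWORDS = ("select", "union", "insert", "update", "delete", "drop", "--", "'")

# Constructed rules that require SQL grammar around a word, not the word alone.
RULES = [re.compile(p, re.IGNORECASE) for p in (
    # tautology: OR 1=1, OR 'a'='a (the closing quote comes from the query)
    r"\b(?:or|and)\s+(['\"]?)(\w+)\1\s*=\s*\1\2\b",
    # UNION [ALL] SELECT, separated by whitespace or /**/ comments
    r"\bunion\b(?:\s|/\*.*?\*/)+(?:all(?:\s|/\*.*?\*/)+)?select\b",
    # stacked statement after a semicolon
    r";\s*(?:drop\s+(?:table|database)|delete\s+from|insert\s+into"
    r"|update\s+\w+\s+set)\b",
    # quote immediately followed by a comment marker
    r"['\"]\s*(?:--|#|/\*)",
)]

def keyword_filter(value):
    """Flag the value if any keyword occurs anywhere in it."""
    lowered = value.lower()
    return any(k in lowered for k in KEYWORDS)

def regex_filter(value):
    """Flag the value only if it matches an injection-shaped pattern."""
    return any(rule.search(value) for rule in RULES)

# Constructed, already URL-decoded parameter values: (value, is_attack).
SAMPLES = [
    ("O'Brien", False),
    ("Please select a union representative and drop me a note", False),
    ("How do I update my delivery address?", False),
    ("blue or green", False),
    ("' OR '1'='1", True),
    ("1 OR 1=1", True),
    ("1 UNION SELECT name, pass FROM users", True),
    ("1 UNION/**/ALL/**/SELECT name, pass FROM users", True),
    ("1; DROP TABLE users", True),
    ("admin'--", True),
]

def score(flt):
    """Return (attacks detected, benign values wrongly flagged)."""
    detected = sum(1 for v, bad in SAMPLES if bad and flt(v))
    false_pos = sum(1 for v, bad in SAMPLES if not bad and flt(v))
    return detected, false_pos

if __name__ == "__main__":
    print("keyword:", score(keyword_filter))
    print("regex:  ", score(regex_filter))
```

On this constructed set the keyword filter misses the unquoted tautology and flags three benign values, while the regex rules detect all six attack strings with no false positives.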