论文信息 - Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

Haibin Hu

[1] Sang-Soo Yeo,et al. A novel method for SQL injection attack detection based on removing SQL query attribute values , 2012, Math. Comput. Model..

[2] Zhang Yong. Detection and Defense Against SQL Injection Attacks , 2004 .

[3] Jin-Young Choi,et al. Detecting SQL injection attacks using query result size , 2014, Comput. Secur..

[4] Liu Shuai. Research on SQL injection Attack Detection and Prevention Technology , 2009 .

[5] Laurie A. Williams,et al. On automated prepared statement generation to remove SQL injection vulnerabilities , 2009, Inf. Softw. Technol..

[6] E. Ramaraj,et al. An Efficient Technique for Detection and Prevention of SQL Injection Attack using ASCII Based String Matching , 2012 .

[7] Kanchana Natarajan,et al. Generation of Sql-injection Free Secure Algorithm to Detect and Prevent Sql-Injection Attacks , 2012 .