Structured Query Language Injection Attack (SQLIA) is one of the most common attacks against web applications exposed on the Internet. Through this attack, an attacker can take control of the database and read, alter or exfiltrate the data held on the database server behind the website. Securing such websites against attacks arriving over the Internet has therefore become a major challenge. We present different types of SQLIA attack methods and prevention techniques, which were used to guide the design and implementation of our model. The work in this paper is separated into two parts. The first puts SQLIA into perspective by outlining some of the material and research already completed; its section on mitigating SQLIA aims to clarify some misconceptions about SQLIA prevention and provides useful tips to software developers and database administrators. The second details the creation of a filtering proxy server used to prevent SQL injection attacks and analyses the performance impact of the filtering process on the web application.
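The attack the abstract describes, and the developer-side prevention it alludes to, as an added example that is not code from the paper or from its filtering proxy: a login query built by string concatenation beside the same query written with bound parameters. The in-memory SQLite database, the users table and its rows, and the payloads are constructed for illustration and are assumptions of this example, not material from the paper.

```python
"""Classic SQL injection against a string-built query, beside the parameterized fix.

Added example, not the paper's code or its proxy. Uses an in-memory SQLite
database; the users table, rows and payloads below are constructed here.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, "
        "username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the query by concatenation: attacker input becomes SQL syntax.

    username = "alice' --" comments out the password check entirely, and
    username = password = "' OR '1'='1" turns the WHERE clause into a tautology.
    """
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the driver binds the values, so they are never
    parsed as SQL, and the same payloads simply fail to match any row."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    comment_bypass = "alice' --"
    tautology = "' OR '1'='1"
    print("vulnerable, comment bypass :", login_vulnerable(db, comment_bypass, "wrong"))
    print("vulnerable, tautology      :", login_vulnerable(db, tautology, tautology))
    print("safe, comment bypass       :", login_safe(db, comment_bypass, "wrong"))
    print("safe, real credentials     :", login_safe(db, "alice", "s3cret"))
```

The point for the developer-tips part of the paper is that the fix is structural, not lexical: the parameterized form needs no knowledge of which characters or keywords an attacker might use, whereas a filter in front of the application has to anticipate every encoding of the payload.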