Research of SQL injection attack and prevention technology

SQL injection is one of the most serious security vulnerabilities in Web application systems; most of these vulnerabilities are caused by a lack of input validation and of SQL parameter use. This paper introduces typical SQL injection attacks and prevention technologies. The detection methods not only validate user input but also use type-safe SQL parameters. A SQL injection defense model is established according to the detection processes, and it is effective against SQL injection vulnerabilities.
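The two measures the abstract names, input validation and type-safe SQL parameters, shown together as an added example; it is not code from the paper. The `users` table, its rows, the function names and the allowed-character rules are assumptions constructed for illustration, using Python's standard `sqlite3` module.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data (not from the paper)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    db.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "O'Brien"), (3, "carol")])
    return db

def validate_user_id(raw):
    """Validation step: accept 1-9 decimal digits only and return an int."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("user id must be 1-9 decimal digits")
    return int(raw)

def validate_name(raw):
    """Validation step: bounded length, letters plus space, hyphen, apostrophe."""
    if not isinstance(raw, str) or not re.fullmatch(r"[A-Za-z][A-Za-z' -]{0,63}", raw):
        raise ValueError("name contains characters outside the allowed set")
    return raw

def find_by_name_concat(db, name):
    """'Before' form: the value is spliced into the SQL text and parsed as SQL."""
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def find_by_name(db, name):
    """Validated, then bound as a parameter: the value is never parsed as SQL."""
    return db.execute("SELECT id FROM users WHERE name = ?",
                      (validate_name(name),)).fetchall()

def find_by_id(db, raw_id):
    """Validated to an int, then bound, so the driver sends an INTEGER value."""
    return db.execute("SELECT name FROM users WHERE id = ?",
                      (validate_user_id(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(find_by_name(db, "O'Brien"))   # legitimate apostrophe, handled by binding
    print(find_by_id(db, "2"))
    try:
        find_by_name_concat(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query broke:", exc)
```

The name `O'Brien` passes validation because it is a legitimate value, which is why validation alone is not sufficient: only parameter binding keeps the apostrophe from changing the structure of the statement.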
