Mazoon Hashil Al Rubaiei, Thuraiya Al Yarubi, Maiya Al Saadi, B. Kumar
SQLIA Detection and Prevention Techniques
2020 9th International Conference System Modeling and Advancement in Research Trends (SMART), 2020-12-04
DOI: 10.1109/SMART50582.2020.9336795 (https://doi.org/10.1109/SMART50582.2020.9336795)
Citations: 1
Abstract
Structured Query Language Injection (SQLI) is one of the topmost threats to web-based applications (such as e-commerce, banking, shopping, trading, blogs, etc.) that are connected to a database. The attacker can gain full access to and full control of the database or the application, which leads to removing, modifying and changing significant data. The attacker does this by injecting a sequence of malicious SQL statements into a query through an input that is not validated. Finding a proper solution to stop or mitigate SQL injection is necessary because of the importance of web application security. Many researchers have studied SQLIA detection and prevention extensively and have proposed various methods. However, these techniques are not enough because they usually have limitations and cannot stop all types of attacks. This paper presents a background study of the classical types of SQLIA and of detection and prevention techniques, as well as an evaluation of these approaches against those types of attacks.