Identification and Mitigation Tool for Sql Injection Attacks (SQLIA)

2020 IEEE 15th International Conference on Industrial and Information Systems (ICIIS) Pub Date : 2020-11-26 DOI:10.1109/ICIIS51140.2020.9342703

W. Rankothge, Mohan Randeniya, Viraj Samaranayaka

{"title":"Identification and Mitigation Tool for Sql Injection Attacks (SQLIA)","authors":"W. Rankothge, Mohan Randeniya, Viraj Samaranayaka","doi":"10.1109/ICIIS51140.2020.9342703","DOIUrl":null,"url":null,"abstract":"Structured Query Language Injection Attack (SQLIA) is a very frequent web security vulnerability. The attacker adds a malicious Structured Query Language (SQL) code to the input field of a web form, so that he can gain access to data or make unauthorized changes to data. A successful malicious SQL injection cause serious consequence to the victimized organization such as financial loss, reputation loss, compliance, and regulatory breaches. There have been several research works on detection and prevention of SQL injection attacks. However, still there is an absence of an advanced single tools for both identification and mitigation of SQL injection attacks.We have proposed an approach to identify and mitigate SQL injection attacks using a single tool and it allows software testers to identify the SQL injection vulnerabilities of their web applications during the testing stages. The proposed approach is based on parameterized queries and user input validation. Our results show that the tool provides 100% accurate and efficient results on identification and mitigation of SQL vulnerabilities","PeriodicalId":352858,"journal":{"name":"2020 IEEE 15th International Conference on Industrial and Information Systems (ICIIS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 15th International Conference on Industrial and Information Systems (ICIIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIIS51140.2020.9342703","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Structured Query Language Injection Attack (SQLIA) is a very frequent web security vulnerability. The attacker adds a malicious Structured Query Language (SQL) code to the input field of a web form, so that he can gain access to data or make unauthorized changes to data. A successful malicious SQL injection cause serious consequence to the victimized organization such as financial loss, reputation loss, compliance, and regulatory breaches. There have been several research works on detection and prevention of SQL injection attacks. However, still there is an absence of an advanced single tools for both identification and mitigation of SQL injection attacks.We have proposed an approach to identify and mitigate SQL injection attacks using a single tool and it allows software testers to identify the SQL injection vulnerabilities of their web applications during the testing stages. The proposed approach is based on parameterized queries and user input validation. Our results show that the tool provides 100% accurate and efficient results on identification and mitigation of SQL vulnerabilities

查看原文本刊更多论文

Sql注入攻击(SQLIA)识别和缓解工具

结构化查询语言注入攻击(SQLIA)是一种常见的web安全漏洞。攻击者将恶意结构化查询语言(SQL)代码添加到web表单的输入字段中，这样他就可以访问数据或对数据进行未经授权的更改。成功的恶意SQL注入会给受害组织造成严重后果，如财务损失、声誉损失、遵从性和法规违反。在检测和预防SQL注入攻击方面已经有了一些研究工作。然而，仍然缺乏一种高级的单一工具来识别和缓解SQL注入攻击。我们提出了一种使用单一工具识别和减轻SQL注入攻击的方法，它允许软件测试人员在测试阶段识别其web应用程序的SQL注入漏洞。该方法基于参数化查询和用户输入验证。我们的结果表明，该工具在识别和缓解SQL漏洞方面提供了100%准确和有效的结果

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE 15th International Conference on Industrial and Information Systems (ICIIS)

自引率

0.00%

发文量