SQL injection attacks

Jene Wrightes
{"title":"SQL injection attacks","authors":"Jene Wrightes","doi":"10.54254/2977-3903/2/2023017","DOIUrl":null,"url":null,"abstract":"SQL Injection (SQLi) attacks continue to pose significant threats to modern web applications, compromising data integrity and confidentiality. This research delves into the development and evaluation of methodologies designed to detect and mitigate these malicious attacks. Employing a diverse set of web applications, the study unfolds in a controlled environment, simulating real-world conditions to assess the effectiveness of current defense mechanisms against SQLi. Building upon this baseline, the research introduces a two-pronged defense mechanism: a Static Analysis Tool to pre-emptively identify vulnerabilities in application code and a Runtime Query Sanitizer that employs rule-based patterns and machine learning models to scrutinize and sanitize SQL queries in real-time. Performance evaluation metrics, encompassing detection rate, false positives, response time, and machine learning efficiency, are meticulously documented. Further robustness of these mechanisms is ascertained through real-world simulations involving unsuspecting users and ethical hackers. Initial results indicate promising potential for the introduced methodologies in safeguarding web applications against SQLi attacks. The study's findings serve as a critical step towards fortifying web applications, emphasizing the amalgamation of static analysis and real-time query sanitization as an effective countermeasure against SQLi threats.","PeriodicalId":476183,"journal":{"name":"Advances in Engineering Innovation","volume":"58 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Advances in Engineering Innovation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54254/2977-3903/2/2023017","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

SQL Injection (SQLi) attacks continue to pose significant threats to modern web applications, compromising data integrity and confidentiality. This research delves into the development and evaluation of methodologies designed to detect and mitigate these malicious attacks. Employing a diverse set of web applications, the study unfolds in a controlled environment, simulating real-world conditions to assess the effectiveness of current defense mechanisms against SQLi. Building upon this baseline, the research introduces a two-pronged defense mechanism: a Static Analysis Tool to pre-emptively identify vulnerabilities in application code and a Runtime Query Sanitizer that employs rule-based patterns and machine learning models to scrutinize and sanitize SQL queries in real-time. Performance evaluation metrics, encompassing detection rate, false positives, response time, and machine learning efficiency, are meticulously documented. Further robustness of these mechanisms is ascertained through real-world simulations involving unsuspecting users and ethical hackers. Initial results indicate promising potential for the introduced methodologies in safeguarding web applications against SQLi attacks. The study's findings serve as a critical step towards fortifying web applications, emphasizing the amalgamation of static analysis and real-time query sanitization as an effective countermeasure against SQLi threats.
SQL注入攻击
SQL注入(SQLi)攻击继续对现代web应用程序构成重大威胁,危及数据完整性和机密性。本研究深入研究了用于检测和减轻这些恶意攻击的方法的开发和评估。该研究采用多种web应用程序,在受控环境中展开,模拟现实世界的条件,以评估当前针对SQLi的防御机制的有效性。在此基础上,该研究引入了一种双管齐下的防御机制:一种静态分析工具,用于先发制人地识别应用程序代码中的漏洞;一种运行时查询消毒器,采用基于规则的模式和机器学习模型来实时审查和消毒SQL查询。性能评估指标,包括检出率、误报、响应时间和机器学习效率,都被精心记录。通过涉及毫无戒心的用户和道德黑客的真实世界模拟,确定了这些机制的进一步鲁棒性。初步结果表明,所引入的方法在保护web应用程序免受SQLi攻击方面具有很大的潜力。该研究的发现是强化web应用程序的关键一步,强调将静态分析和实时查询清理合并为对抗SQLi威胁的有效对策。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信