{"title":"使用SQL注入从数据库检索数据的误用模式","authors":"E. Fernández, E. Alder, R. Bagley, S. Paghdar","doi":"10.1109/BIOMEDCOM.2012.27","DOIUrl":null,"url":null,"abstract":"SQL injection attacks represent a serious threat to any database-driven site and they are one of the most frequent types of attacks. We present here a misuse pattern for retrieving data from a database using SQL injection, which describes the essential and typical characteristics of this type of attack. A misuse pattern describes from the point of view of the attacker, how a type of attack or misuse is performed (what units it uses and how), looks at the selection of the methods available to the attacker, analyzes the way of stopping the attack, and describes how to trace the attack once it has happened by appropriate collection and observation of forensic data.","PeriodicalId":146495,"journal":{"name":"2012 ASE/IEEE International Conference on BioMedical Computing (BioMedCom)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"A Misuse Pattern for Retrieving Data from a Database Using SQL Injection\",\"authors\":\"E. Fernández, E. Alder, R. Bagley, S. Paghdar\",\"doi\":\"10.1109/BIOMEDCOM.2012.27\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SQL injection attacks represent a serious threat to any database-driven site and they are one of the most frequent types of attacks. We present here a misuse pattern for retrieving data from a database using SQL injection, which describes the essential and typical characteristics of this type of attack. A misuse pattern describes from the point of view of the attacker, how a type of attack or misuse is performed (what units it uses and how), looks at the selection of the methods available to the attacker, analyzes the way of stopping the attack, and describes how to trace the attack once it has happened by appropriate collection and observation of forensic data.\",\"PeriodicalId\":146495,\"journal\":{\"name\":\"2012 ASE/IEEE International Conference on BioMedical Computing (BioMedCom)\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-12-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 ASE/IEEE International Conference on BioMedical Computing (BioMedCom)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/BIOMEDCOM.2012.27\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 ASE/IEEE International Conference on BioMedical Computing (BioMedCom)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BIOMEDCOM.2012.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Misuse Pattern for Retrieving Data from a Database Using SQL Injection
SQL injection attacks represent a serious threat to any database-driven site and they are one of the most frequent types of attacks. We present here a misuse pattern for retrieving data from a database using SQL injection, which describes the essential and typical characteristics of this type of attack. A misuse pattern describes from the point of view of the attacker, how a type of attack or misuse is performed (what units it uses and how), looks at the selection of the methods available to the attacker, analyzes the way of stopping the attack, and describes how to trace the attack once it has happened by appropriate collection and observation of forensic data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
