{"title":"SECURE-D:用于检测和防止SQL和NoSQL数据库攻击的框架","authors":"O. JithinV., N. Subramanian","doi":"10.1109/ISDFS55398.2022.9800805","DOIUrl":null,"url":null,"abstract":"The advancements in internet technology have attracted more users for web applications over recent years. Users’ confidential data are stored in databases thus heightening the security needs. Lack of secure coding in web application causes data threats. Database security plays an important role in information security. Access to database grants attackers control over sensitive information. The SQL and NoSQL injection attacks are categorized as dangerous attacks by the Open Web Application Security Project (OWASP). This work presents a framework for improving website security by detecting and preventing attacks in SQL and NoSQL databases. The proposed system is tested on vulnerable web applications and its efficacy is compared to that of two other systems. Other systems can detect attacks in either SQL or NoSQL databases but not both together. However, the proposed and implemented system can detect and prevent attacks in both SQL and NoSQL databases.","PeriodicalId":114335,"journal":{"name":"2022 10th International Symposium on Digital Forensics and Security (ISDFS)","volume":"214 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"SECURE-D:Framework For Detecting and Preventing Attacks in SQL and NoSQL Databases\",\"authors\":\"O. JithinV., N. Subramanian\",\"doi\":\"10.1109/ISDFS55398.2022.9800805\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The advancements in internet technology have attracted more users for web applications over recent years. Users’ confidential data are stored in databases thus heightening the security needs. Lack of secure coding in web application causes data threats. Database security plays an important role in information security. Access to database grants attackers control over sensitive information. The SQL and NoSQL injection attacks are categorized as dangerous attacks by the Open Web Application Security Project (OWASP). This work presents a framework for improving website security by detecting and preventing attacks in SQL and NoSQL databases. The proposed system is tested on vulnerable web applications and its efficacy is compared to that of two other systems. Other systems can detect attacks in either SQL or NoSQL databases but not both together. However, the proposed and implemented system can detect and prevent attacks in both SQL and NoSQL databases.\",\"PeriodicalId\":114335,\"journal\":{\"name\":\"2022 10th International Symposium on Digital Forensics and Security (ISDFS)\",\"volume\":\"214 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 10th International Symposium on Digital Forensics and Security (ISDFS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISDFS55398.2022.9800805\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 10th International Symposium on Digital Forensics and Security (ISDFS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISDFS55398.2022.9800805","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
近年来,互联网技术的进步吸引了越来越多的用户使用web应用程序。用户的机密数据存储在数据库中,从而提高了安全性需求。web应用程序中缺乏安全编码会导致数据威胁。数据库安全在信息安全中占有重要地位。对数据库的访问使攻击者能够控制敏感信息。SQL和NoSQL注入攻击被OWASP (Open Web Application Security Project)归类为危险攻击。这项工作提出了一个通过检测和防止SQL和NoSQL数据库中的攻击来提高网站安全性的框架。在脆弱的web应用上对该系统进行了测试,并与另外两种系统的有效性进行了比较。其他系统可以检测SQL或NoSQL数据库中的攻击,但不能同时检测两者。然而,所提出和实现的系统可以检测和防止SQL和NoSQL数据库中的攻击。
SECURE-D:Framework For Detecting and Preventing Attacks in SQL and NoSQL Databases
The advancements in internet technology have attracted more users for web applications over recent years. Users’ confidential data are stored in databases thus heightening the security needs. Lack of secure coding in web application causes data threats. Database security plays an important role in information security. Access to database grants attackers control over sensitive information. The SQL and NoSQL injection attacks are categorized as dangerous attacks by the Open Web Application Security Project (OWASP). This work presents a framework for improving website security by detecting and preventing attacks in SQL and NoSQL databases. The proposed system is tested on vulnerable web applications and its efficacy is compared to that of two other systems. Other systems can detect attacks in either SQL or NoSQL databases but not both together. However, the proposed and implemented system can detect and prevent attacks in both SQL and NoSQL databases.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
