Mazoon Hashil Al Rubaiei, Thuraiya Al Yarubi, Maiya Al Saadi, B. Kumar
{"title":"SQLIA检测和预防技术","authors":"Mazoon Hashil Al Rubaiei, Thuraiya Al Yarubi, Maiya Al Saadi, B. Kumar","doi":"10.1109/SMART50582.2020.9336795","DOIUrl":null,"url":null,"abstract":"Structure Query Language Injection (SQLI) is one of the top most threat to web-based applications (Like e-commerce, banking, shopping, trading, blogs, etc.) which are connected to the database. The attacker has the ability to get full access and the full control of the database or the application and that drives to removing, modifying and changing significant data. This can be performed by the attacker when a sequence of malicious SQL statements are injected by the attacker into a query through an input that is not validated. Finding the proper solution to stop or mitigate the SQL injection is necessary due to the importance of security of web applications. Many researchers have studied SQLIA detection and prevention extensively and have proposed various methods. However, these techniques are not enough because usually, they have limitations cannot stop all type of attacks. This paper presents background study about classical types of SQLIA, detection and prevention techniques as well as evaluation of these approaches against those types of attacks.","PeriodicalId":129946,"journal":{"name":"2020 9th International Conference System Modeling and Advancement in Research Trends (SMART)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"SQLIA Detection and Prevention Techniques\",\"authors\":\"Mazoon Hashil Al Rubaiei, Thuraiya Al Yarubi, Maiya Al Saadi, B. Kumar\",\"doi\":\"10.1109/SMART50582.2020.9336795\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Structure Query Language Injection (SQLI) is one of the top most threat to web-based applications (Like e-commerce, banking, shopping, trading, blogs, etc.) which are connected to the database. The attacker has the ability to get full access and the full control of the database or the application and that drives to removing, modifying and changing significant data. This can be performed by the attacker when a sequence of malicious SQL statements are injected by the attacker into a query through an input that is not validated. Finding the proper solution to stop or mitigate the SQL injection is necessary due to the importance of security of web applications. Many researchers have studied SQLIA detection and prevention extensively and have proposed various methods. However, these techniques are not enough because usually, they have limitations cannot stop all type of attacks. This paper presents background study about classical types of SQLIA, detection and prevention techniques as well as evaluation of these approaches against those types of attacks.\",\"PeriodicalId\":129946,\"journal\":{\"name\":\"2020 9th International Conference System Modeling and Advancement in Research Trends (SMART)\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 9th International Conference System Modeling and Advancement in Research Trends (SMART)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SMART50582.2020.9336795\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 9th International Conference System Modeling and Advancement in Research Trends (SMART)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SMART50582.2020.9336795","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Structure Query Language Injection (SQLI) is one of the top most threat to web-based applications (Like e-commerce, banking, shopping, trading, blogs, etc.) which are connected to the database. The attacker has the ability to get full access and the full control of the database or the application and that drives to removing, modifying and changing significant data. This can be performed by the attacker when a sequence of malicious SQL statements are injected by the attacker into a query through an input that is not validated. Finding the proper solution to stop or mitigate the SQL injection is necessary due to the importance of security of web applications. Many researchers have studied SQLIA detection and prevention extensively and have proposed various methods. However, these techniques are not enough because usually, they have limitations cannot stop all type of attacks. This paper presents background study about classical types of SQLIA, detection and prevention techniques as well as evaluation of these approaches against those types of attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
