SQL注入检测和预防技术的评价

2010 2nd International Conference on Computational Intelligence, Communication Systems and Networks Pub Date : 2010-07-28 DOI:10.1109/CICSyN.2010.55

A. Tajpour, M. Shooshtari

{"title":"SQL注入检测和预防技术的评价","authors":"A. Tajpour, M. Shooshtari","doi":"10.1109/CICSyN.2010.55","DOIUrl":null,"url":null,"abstract":"Database driven web application are threaten by SQL Injection Attacks (SQLIAs) because this type of attack can compromise confidentiality and integrity of information in databases. Actually, an attacker intrudes to the web application database and consequently, access to data. For stopping this type of attack different approaches have been proposed by researchers but they are not enough because usually they have limitations. Indeed, some of these approaches have not implemented yet and also most of implemented approaches cannot stop all type of attacks. In this paper all type of SQL injection attack and also different approaches which can detect or prevent them are presented. Finally we evaluate these approaches against all types of SQL injection attacks and deployment requirements.","PeriodicalId":358023,"journal":{"name":"2010 2nd International Conference on Computational Intelligence, Communication Systems and Networks","volume":"188 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"73","resultStr":"{\"title\":\"Evaluation of SQL Injection Detection and Prevention Techniques\",\"authors\":\"A. Tajpour, M. Shooshtari\",\"doi\":\"10.1109/CICSyN.2010.55\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Database driven web application are threaten by SQL Injection Attacks (SQLIAs) because this type of attack can compromise confidentiality and integrity of information in databases. Actually, an attacker intrudes to the web application database and consequently, access to data. For stopping this type of attack different approaches have been proposed by researchers but they are not enough because usually they have limitations. Indeed, some of these approaches have not implemented yet and also most of implemented approaches cannot stop all type of attacks. In this paper all type of SQL injection attack and also different approaches which can detect or prevent them are presented. Finally we evaluate these approaches against all types of SQL injection attacks and deployment requirements.\",\"PeriodicalId\":358023,\"journal\":{\"name\":\"2010 2nd International Conference on Computational Intelligence, Communication Systems and Networks\",\"volume\":\"188 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-07-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"73\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 2nd International Conference on Computational Intelligence, Communication Systems and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CICSyN.2010.55\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 2nd International Conference on Computational Intelligence, Communication Systems and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CICSyN.2010.55","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 73

摘要

数据库驱动的web应用程序受到SQL注入攻击(SQL Injection Attacks, sqlia)的威胁，因为这种类型的攻击会破坏数据库信息的机密性和完整性。实际上，攻击者入侵了web应用程序数据库，从而访问了数据。为了阻止这种类型的攻击，研究人员提出了不同的方法，但它们是不够的，因为它们通常有局限性。事实上，其中一些方法尚未实现，而且大多数已实现的方法无法阻止所有类型的攻击。本文介绍了各种类型的SQL注入攻击，以及检测和预防SQL注入攻击的方法。最后，我们针对所有类型的SQL注入攻击和部署需求评估了这些方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Evaluation of SQL Injection Detection and Prevention Techniques

Database driven web application are threaten by SQL Injection Attacks (SQLIAs) because this type of attack can compromise confidentiality and integrity of information in databases. Actually, an attacker intrudes to the web application database and consequently, access to data. For stopping this type of attack different approaches have been proposed by researchers but they are not enough because usually they have limitations. Indeed, some of these approaches have not implemented yet and also most of implemented approaches cannot stop all type of attacks. In this paper all type of SQL injection attack and also different approaches which can detect or prevent them are presented. Finally we evaluate these approaches against all types of SQL injection attacks and deployment requirements.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 2nd International Conference on Computational Intelligence, Communication Systems and Networks

自引率

0.00%

发文量