SQL注入安全漏洞的自动通用服务器级解决方案

International Conference on Electrical, Electronic and Computer Engineering, 2004. ICEEC '04. Pub Date : 2004-09-05 DOI:10.1109/ICEEC.2004.1374401

A. Alfantookh

{"title":"SQL注入安全漏洞的自动通用服务器级解决方案","authors":"A. Alfantookh","doi":"10.1109/ICEEC.2004.1374401","DOIUrl":null,"url":null,"abstract":"In this paper, the problem of SQL Injection attacks to web-based applications is discussed and described. The previous work on this problem is presented and the main problem of using manual solutions is highlighted. An automated universal server level solution calIed AUSELSQI is proposed and illustrated. The solution is shown to be universal for any Ype of web server and is applied automatically to all existing and future web applications residing on a web server. Experiments conducted show that the overhead of applying this solution is negligible. Comparison with other techniques is also presented.","PeriodicalId":180043,"journal":{"name":"International Conference on Electrical, Electronic and Computer Engineering, 2004. ICEEC '04.","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"An automated universal server level solution for SQL injection security flaw\",\"authors\":\"A. Alfantookh\",\"doi\":\"10.1109/ICEEC.2004.1374401\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, the problem of SQL Injection attacks to web-based applications is discussed and described. The previous work on this problem is presented and the main problem of using manual solutions is highlighted. An automated universal server level solution calIed AUSELSQI is proposed and illustrated. The solution is shown to be universal for any Ype of web server and is applied automatically to all existing and future web applications residing on a web server. Experiments conducted show that the overhead of applying this solution is negligible. Comparison with other techniques is also presented.\",\"PeriodicalId\":180043,\"journal\":{\"name\":\"International Conference on Electrical, Electronic and Computer Engineering, 2004. ICEEC '04.\",\"volume\":\"28 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2004-09-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Conference on Electrical, Electronic and Computer Engineering, 2004. ICEEC '04.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICEEC.2004.1374401\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Electrical, Electronic and Computer Engineering, 2004. ICEEC '04.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICEEC.2004.1374401","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

本文讨论和描述了基于web应用程序的SQL注入攻击问题。介绍了前人在这一问题上的工作，并强调了使用人工解决方案的主要问题。提出并说明了一种自动化的通用服务器级解决方案——AUSELSQI。该解决方案适用于任何类型的web服务器，并自动应用于驻留在web服务器上的所有现有和未来的web应用程序。实验表明，应用该解决方案的开销可以忽略不计。并与其他技术进行了比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An automated universal server level solution for SQL injection security flaw

In this paper, the problem of SQL Injection attacks to web-based applications is discussed and described. The previous work on this problem is presented and the main problem of using manual solutions is highlighted. An automated universal server level solution calIed AUSELSQI is proposed and illustrated. The solution is shown to be universal for any Ype of web server and is applied automatically to all existing and future web applications residing on a web server. Experiments conducted show that the overhead of applying this solution is negligible. Comparison with other techniques is also presented.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Conference on Electrical, Electronic and Computer Engineering, 2004. ICEEC '04.

自引率

0.00%

发文量