SQL injection vulnerability general patch using header sanitization
Amirmohammad Sadeghian, M. Zamani, Azizah Abd Manaf
2014 International Conference on Computer, Communications, and Control Technology (I4CT), published 2014-10-02. DOI: 10.1109/I4CT.2014.6914182 (https://doi.org/10.1109/I4CT.2014.6914182)
SQL injection is one of the best-known web application vulnerabilities. In an SQL injection attack, the attacker attempts to insert a malicious SQL query into the web application through unsanitized variables. The web application then concatenates the variable with the legitimate query and sends the result to the database for execution. As a result of a successful SQL injection attack, the attacker can read from the database or modify its contents (Insert, Delete, Update). Different types of defense systems are currently available to defeat this vulnerability. However, some of these techniques require stopping the existing web application in order to patch the vulnerability, and since this process can be time consuming, it is not very practical for companies to take their online services down. To address this problem we propose a model which can patch the SQL injection vulnerability in a general way. The model does not depend on the language in which the web application is written, and the amount of change required in the application is low. The model can be implemented as a library which can be included in the vulnerable web application by calling one line of code.
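As an added illustration (not the paper's own library or code), the following shows the concatenation defect the abstract describes, a quote-escaping pre-query sanitizer of the kind a drop-in wrapper could apply to every request variable, and the parameterized form, all run against a constructed in-memory SQLite table; the table contents and the inputs are assumptions for the demo.

```python
import sqlite3

def make_db():
    """Constructed sample data for the demo (not from the paper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("o'neil", "user")])
    return conn

def lookup_vulnerable(conn, name):
    """The defect the abstract describes: the request variable is concatenated
    into the SQL text, so the database parses whatever the client sent."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def escape_quotes(value):
    """Stopgap in the spirit of a pre-query sanitization layer: double every
    single quote so the value cannot terminate a quoted SQL literal. This only
    protects values that land inside quotes; unquoted numeric contexts are not covered."""
    return value.replace("'", "''")

def lookup_sanitized(conn, name):
    """Same concatenating code path, but the request variable passes through
    the sanitizer first (the kind of one-line hook a wrapper library adds)."""
    return lookup_vulnerable(conn, escape_quotes(name))

def lookup_parameterized(conn, name):
    """Proper fix: the value is bound as a parameter and never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

def breaks_on_apostrophe(conn):
    """True if a legitimate value containing a quote crashes the vulnerable path."""
    try:
        lookup_vulnerable(conn, "o'neil")
        return False
    except sqlite3.OperationalError:
        return True

def demo():
    conn = make_db()
    hostile = "x' OR '1'='1"   # constructed tautology input
    return {
        "vulnerable": lookup_vulnerable(conn, hostile),
        "sanitized": lookup_sanitized(conn, hostile),
        "parameterized": lookup_parameterized(conn, hostile),
        "legit": lookup_parameterized(conn, "o'neil"),
    }
```

The vulnerable path returns every row for the tautology input and raises a syntax error on the legitimate name containing an apostrophe; both the sanitized and the parameterized paths return nothing for the tautology and the correct row for the legitimate name.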