Abdalla Hadabi, Eltyeb Elsamani, A. Abdallah, Rashad Elhabob
{"title":"一种检测和防止SQL注入攻击的有效模型","authors":"Abdalla Hadabi, Eltyeb Elsamani, A. Abdallah, Rashad Elhabob","doi":"10.54388/jkues.v1i2.141","DOIUrl":null,"url":null,"abstract":"SQL injection attack (SQLIA) is considered one of most threats used to attack web applications. Therefore, attackers used SQL injection vulnerability to gain ultimate access to databases that belong to applications and expose their sensitive information. Thus, attackers use SQL injections vulnerability to manipulate data also it could be used to take full control of the target machine. Accordingly, several methods were proposed in the literature to address this vulnerability widely because of its importance and high impact on the security of web applications. Thus, we propose a model to detect and prevent SQL injection attacks, which uses runtime validation to detect the occurrence of such attacks, our proposed model is adaptable to any existing system, with no need to modify the client or server and either no need to know web application source code. Furthermore, the modification independence is done by adding additional middleware between client and server. Thus, any check process is done on this middleware, and it is represented as a proxy that can do sanitize the inputs for detecting and preventing SQLIA. Furthermore, our proposed model accuracy reaches 86:6% for detecting and preventing SQLIA.","PeriodicalId":129247,"journal":{"name":"Journal of Karary University for Engineering and Science","volume":"86 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"An Efficient Model to Detect and Prevent SQL Injection Attack\",\"authors\":\"Abdalla Hadabi, Eltyeb Elsamani, A. Abdallah, Rashad Elhabob\",\"doi\":\"10.54388/jkues.v1i2.141\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SQL injection attack (SQLIA) is considered one of most threats used to attack web applications. Therefore, attackers used SQL injection vulnerability to gain ultimate access to databases that belong to applications and expose their sensitive information. Thus, attackers use SQL injections vulnerability to manipulate data also it could be used to take full control of the target machine. Accordingly, several methods were proposed in the literature to address this vulnerability widely because of its importance and high impact on the security of web applications. Thus, we propose a model to detect and prevent SQL injection attacks, which uses runtime validation to detect the occurrence of such attacks, our proposed model is adaptable to any existing system, with no need to modify the client or server and either no need to know web application source code. Furthermore, the modification independence is done by adding additional middleware between client and server. Thus, any check process is done on this middleware, and it is represented as a proxy that can do sanitize the inputs for detecting and preventing SQLIA. Furthermore, our proposed model accuracy reaches 86:6% for detecting and preventing SQLIA.\",\"PeriodicalId\":129247,\"journal\":{\"name\":\"Journal of Karary University for Engineering and Science\",\"volume\":\"86 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-03-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Karary University for Engineering and Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.54388/jkues.v1i2.141\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Karary University for Engineering and Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54388/jkues.v1i2.141","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Efficient Model to Detect and Prevent SQL Injection Attack
SQL injection attack (SQLIA) is considered one of most threats used to attack web applications. Therefore, attackers used SQL injection vulnerability to gain ultimate access to databases that belong to applications and expose their sensitive information. Thus, attackers use SQL injections vulnerability to manipulate data also it could be used to take full control of the target machine. Accordingly, several methods were proposed in the literature to address this vulnerability widely because of its importance and high impact on the security of web applications. Thus, we propose a model to detect and prevent SQL injection attacks, which uses runtime validation to detect the occurrence of such attacks, our proposed model is adaptable to any existing system, with no need to modify the client or server and either no need to know web application source code. Furthermore, the modification independence is done by adding additional middleware between client and server. Thus, any check process is done on this middleware, and it is represented as a proxy that can do sanitize the inputs for detecting and preventing SQLIA. Furthermore, our proposed model accuracy reaches 86:6% for detecting and preventing SQLIA.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
