SQL注入攻击及防御技术研究

2015 International Conference on Estimation, Detection and Information Fusion (ICEDIF) Pub Date : 2015-10-01 DOI:10.1109/ICEDIF.2015.7280212

Li Qian, Zhenyuan Zhu, Jun Hu, Shuying Liu

{"title":"SQL注入攻击及防御技术研究","authors":"Li Qian, Zhenyuan Zhu, Jun Hu, Shuying Liu","doi":"10.1109/ICEDIF.2015.7280212","DOIUrl":null,"url":null,"abstract":"SQL injection attack is one of the most serious security vulnerabilities in Web application system, most of these vulnerabilities are caused by lack of input validation and SQL parameters use. Typical SQL injection attack and prevention technologies are introduced in the paper. The detecting methods not only validate user input, but also use type-safe SQL parameters. SQL injection defense model is established according to the detection processes, which is effective against SQL injection vulnerabilities.","PeriodicalId":355975,"journal":{"name":"2015 International Conference on Estimation, Detection and Information Fusion (ICEDIF)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":"{\"title\":\"Research of SQL injection attack and prevention technology\",\"authors\":\"Li Qian, Zhenyuan Zhu, Jun Hu, Shuying Liu\",\"doi\":\"10.1109/ICEDIF.2015.7280212\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SQL injection attack is one of the most serious security vulnerabilities in Web application system, most of these vulnerabilities are caused by lack of input validation and SQL parameters use. Typical SQL injection attack and prevention technologies are introduced in the paper. The detecting methods not only validate user input, but also use type-safe SQL parameters. SQL injection defense model is established according to the detection processes, which is effective against SQL injection vulnerabilities.\",\"PeriodicalId\":355975,\"journal\":{\"name\":\"2015 International Conference on Estimation, Detection and Information Fusion (ICEDIF)\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"38\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 International Conference on Estimation, Detection and Information Fusion (ICEDIF)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICEDIF.2015.7280212\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on Estimation, Detection and Information Fusion (ICEDIF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICEDIF.2015.7280212","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 38

摘要

SQL注入攻击是Web应用系统中最严重的安全漏洞之一，这些漏洞大多是由于缺乏输入验证和SQL参数的使用造成的。本文介绍了典型的SQL注入攻击及其防范技术。检测方法不仅验证用户输入，而且还使用类型安全的SQL参数。根据检测过程建立SQL注入防御模型，有效防范SQL注入漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Research of SQL injection attack and prevention technology

SQL injection attack is one of the most serious security vulnerabilities in Web application system, most of these vulnerabilities are caused by lack of input validation and SQL parameters use. Typical SQL injection attack and prevention technologies are introduced in the paper. The detecting methods not only validate user input, but also use type-safe SQL parameters. SQL injection defense model is established according to the detection processes, which is effective against SQL injection vulnerabilities.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 International Conference on Estimation, Detection and Information Fusion (ICEDIF)

自引率

0.00%

发文量