使用动态查询结构验证阻止存储过程SQL注入攻击

2012 12th International Conference on Intelligent Systems Design and Applications (ISDA) Pub Date : 2012-11-01 DOI:10.1109/ISDA.2012.6416544

Sruthy Mamadhan, T. Manesh, V. Paul

{"title":"使用动态查询结构验证阻止存储过程SQL注入攻击","authors":"Sruthy Mamadhan, T. Manesh, V. Paul","doi":"10.1109/ISDA.2012.6416544","DOIUrl":null,"url":null,"abstract":"Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. This method prevents different kinds of injection attacks including stored procedure attack which is more difficult and less considered in the literature.","PeriodicalId":370150,"journal":{"name":"2012 12th International Conference on Intelligent Systems Design and Applications (ISDA)","volume":"171 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"SQLStor: Blockage of stored procedure SQL injection attack using dynamic query structure validation\",\"authors\":\"Sruthy Mamadhan, T. Manesh, V. Paul\",\"doi\":\"10.1109/ISDA.2012.6416544\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. This method prevents different kinds of injection attacks including stored procedure attack which is more difficult and less considered in the literature.\",\"PeriodicalId\":370150,\"journal\":{\"name\":\"2012 12th International Conference on Intelligent Systems Design and Applications (ISDA)\",\"volume\":\"171 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 12th International Conference on Intelligent Systems Design and Applications (ISDA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISDA.2012.6416544\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 12th International Conference on Intelligent Systems Design and Applications (ISDA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISDA.2012.6416544","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

Web应用程序正在成为我们日常生活的重要组成部分。因此，针对它们的攻击也迅速增加。在这些攻击中，SQL注入攻击(SQLIA)扮演了一个主要角色。本文提出了一种防止JSP web应用中SQL注入攻击的新方法。基本思想是在执行前检查SQL查询的预期结构。为此，我们使用语义比较。该方法可防止各种类型的注入攻击，包括文献中难度较大且较少考虑的存储过程攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SQLStor: Blockage of stored procedure SQL injection attack using dynamic query structure validation

Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. This method prevents different kinds of injection attacks including stored procedure attack which is more difficult and less considered in the literature.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 12th International Conference on Intelligent Systems Design and Applications (ISDA)

自引率

0.00%

发文量