新时代的老风险:云环境中的SQL注入

IF 0.5 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Grid and Utility Computing Pub Date : 2021-01-01 DOI:10.1504/ijguc.2021.10034610

Fu Xiao, Wang Zhi-jian, Wang Meiling, Chen Ning, Zhu Yue, Zhang Lei, Wang Pei, Cao Xiaoning

{"title":"新时代的老风险:云环境中的SQL注入","authors":"Fu Xiao, Wang Zhi-jian, Wang Meiling, Chen Ning, Zhu Yue, Zhang Lei, Wang Pei, Cao Xiaoning","doi":"10.1504/ijguc.2021.10034610","DOIUrl":null,"url":null,"abstract":"After haunting all the software engineers for more than 26 years since it was discovered and classified in 2002, SQL injection still poses a most serious threat to developers, maintainers and users of web applications even into the brand new cloud era. SaaS, PaaS and IaaS virtualisation technologies which are widely used by cloud computing seemed to fail the enhancement of security against such an attack. We strive to study the mechanism and principles of SQL injection attack in order to help the information security personnel to understand and manage such risks.","PeriodicalId":44878,"journal":{"name":"International Journal of Grid and Utility Computing","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An old risk in the new era: SQL injection in cloud environment\",\"authors\":\"Fu Xiao, Wang Zhi-jian, Wang Meiling, Chen Ning, Zhu Yue, Zhang Lei, Wang Pei, Cao Xiaoning\",\"doi\":\"10.1504/ijguc.2021.10034610\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"After haunting all the software engineers for more than 26 years since it was discovered and classified in 2002, SQL injection still poses a most serious threat to developers, maintainers and users of web applications even into the brand new cloud era. SaaS, PaaS and IaaS virtualisation technologies which are widely used by cloud computing seemed to fail the enhancement of security against such an attack. We strive to study the mechanism and principles of SQL injection attack in order to help the information security personnel to understand and manage such risks.\",\"PeriodicalId\":44878,\"journal\":{\"name\":\"International Journal of Grid and Utility Computing\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Grid and Utility Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/ijguc.2021.10034610\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Grid and Utility Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijguc.2021.10034610","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

SQL注入自2002年被发现并分类以来，困扰了所有软件工程师26年多，即使进入全新的云时代，它仍然对web应用程序的开发人员、维护人员和用户构成最严重的威胁。云计算广泛使用的SaaS、PaaS和IaaS虚拟化技术似乎无法增强针对此类攻击的安全性。我们努力研究SQL注入攻击的机制和原理，以帮助信息安全人员了解和管理此类风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An old risk in the new era: SQL injection in cloud environment

After haunting all the software engineers for more than 26 years since it was discovered and classified in 2002, SQL injection still poses a most serious threat to developers, maintainers and users of web applications even into the brand new cloud era. SaaS, PaaS and IaaS virtualisation technologies which are widely used by cloud computing seemed to fail the enhancement of security against such an attack. We strive to study the mechanism and principles of SQL injection attack in order to help the information security personnel to understand and manage such risks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Grid and Utility Computing COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

1.30

自引率

0.00%

发文量