{"title":"A security analysis tool for web application reinforcement against SQL injection attacks (SQLIAs)","authors":"Z. Lashkaripour, A. G. Bafghi","doi":"10.1109/ISCISC.2013.6767326","DOIUrl":null,"url":null,"abstract":"In SQLIA, attacker injects an input in the query in order to change the structure of the query intended by the programmer and therefore, gain access to the data in the underlying database. Due to the significance of the stored data, web application's security against SQLIA is vital. In this paper we propose a tool that is capable of reporting the transformations needed to reinforce the security of a Java-based web application and its database against SQLIAs. This tool which is based on static analysis and runtime validation uses our new technique for detection and prevention of SQLIAs. In our technique user inputs in SQL queries are removed and some information is gathered in order to make the detection easier and faster at runtime. According to these information the tool reports the transformations needed and the location of the transformations in source code and therefore after applying the transformations the result would be a reinforced web application against SQLIAs.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCISC.2013.6767326","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
In SQLIA, attacker injects an input in the query in order to change the structure of the query intended by the programmer and therefore, gain access to the data in the underlying database. Due to the significance of the stored data, web application's security against SQLIA is vital. In this paper we propose a tool that is capable of reporting the transformations needed to reinforce the security of a Java-based web application and its database against SQLIAs. This tool which is based on static analysis and runtime validation uses our new technique for detection and prevention of SQLIAs. In our technique user inputs in SQL queries are removed and some information is gathered in order to make the detection easier and faster at runtime. According to these information the tool reports the transformations needed and the location of the transformations in source code and therefore after applying the transformations the result would be a reinforced web application against SQLIAs.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
