Amirmohammad Sadeghian, M. Zamani, Azizah Abd Manaf
{"title":"SQL injection vulnerability general patch using header sanitization","authors":"Amirmohammad Sadeghian, M. Zamani, Azizah Abd Manaf","doi":"10.1109/I4CT.2014.6914182","DOIUrl":null,"url":null,"abstract":"SQL injection is one of well-known web application vulnerabilities. SQL injection is a type of attack which attacker attempts to insert malicious SQL query through none sanitized variables into the web application. Consequently web application will concatenate the variable with the legitimate query and will send it to the database for execution. In result of a successful SQL injection attack, the attacker can read from the database or modify entities of the database (Insert, Delete, Update). Currently different types of defense systems are available to defeat this vulnerability. However some of these techniques needs to stop the existence web application and patch the vulnerability, and since this process might be time consuming, it is not very practical for companies to stop their online services. To address this problem we proposed a model which can generally patch the SQL injection vulnerability. The model is not dependent on the language which the web application is written in and the amount of necessary changes in the application is low. The model can be implemented as a library which can be include in the vulnerable web application by calling one line of code.","PeriodicalId":356190,"journal":{"name":"2014 International Conference on Computer, Communications, and Control Technology (I4CT)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Conference on Computer, Communications, and Control Technology (I4CT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I4CT.2014.6914182","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10
Abstract
SQL injection is one of well-known web application vulnerabilities. SQL injection is a type of attack which attacker attempts to insert malicious SQL query through none sanitized variables into the web application. Consequently web application will concatenate the variable with the legitimate query and will send it to the database for execution. In result of a successful SQL injection attack, the attacker can read from the database or modify entities of the database (Insert, Delete, Update). Currently different types of defense systems are available to defeat this vulnerability. However some of these techniques needs to stop the existence web application and patch the vulnerability, and since this process might be time consuming, it is not very practical for companies to stop their online services. To address this problem we proposed a model which can generally patch the SQL injection vulnerability. The model is not dependent on the language which the web application is written in and the amount of necessary changes in the application is low. The model can be implemented as a library which can be include in the vulnerable web application by calling one line of code.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
