Please use this identifier to cite or link to this item:
Title: Detection and prevention of SQL injection attacks using semantic equivalence
Authors: Narayanan, S.N.
Pais, A.R.
Mohandas, R.
Issue Date: 2011
Citation: Communications in Computer and Information Science, 2011, Vol. 157 CCIS, pp. 103-112
Abstract: SQL injection vulnerability is a kind of injection vulnerability in which the database server is forced to execute illicit operations by crafting specific inputs to the web server. Even though this vulnerability has been present for several years now, most of its popular mitigation techniques are based on safe coding practices, which are neither applicable to existing applications nor application independent. Here we propose a new application-logic-independent solution to prevent SQL injection attacks that is applicable to any dynamic web technology. The new solution detects SQL injection by considering the semantic variance between the queries generated by the query function with safe inputs and with injection inputs. We have implemented the complete solution in ASP.NET with C# web applications using a custom-written tool, SIAP, which patches the SQL injection vulnerabilities in an existing web application by instrumenting the binaries. © Springer-Verlag 2011.
Appears in Collections: 2. Conference Papers

Files in This Item:
File: 7689.pdf
Size: 201.27 kB
Format: Adobe PDF
