Please use this identifier to cite or link to this item:
Full metadata record
DC FieldValueLanguage
dc.contributor.authorSadalkar, K.-
dc.contributor.authorMohandas, R.-
dc.contributor.authorPais, A.R.-
dc.identifier.citationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2011, Vol.7011 LNCS, , pp.3-15en_US
dc.description.abstractSQL Injection vulnerability is ranked 1st in the OWASP top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. Inspite of preventive measures like educating developers about safe coding practices, statistics shows that these vulnerabilities are still dominating the top. Various static and dynamic approaches have been proposed to mitigate this vulnerability. In this paper, we present a hybrid approach to prevent SQL injection attacks in PHP, a popular server side scripting language. This technique is more effective to prevent SQL injection attack in a dynamic web content environment without use of complex string analyzer logic. Initially, we construct a Query model for each hotspot by running the application in safe mode. In the production environment, dynamically generated queries are validated with it. The results and analysis shows the proposed approach is simple and effective to prevent common SQL injection vulnerabilities. � 2011 Springer-Verlag.en_US
dc.titleModel based hybrid approach to prevent SQL injection attacks in PHPen_US
dc.typeBook chapteren_US
Appears in Collections:2. Conference Papers

Files in This Item:
File Description SizeFormat 
8964.pdf370.78 kBAdobe PDFThumbnail

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.