Asian Journal of Information Technology

Year: 2013
Volume: 12
Issue: 4
Page No. 131 - 139

The SQL Injection Attack Detection and Prevention by Classification and Analysis

Authors : V. Nithya, S. Lakshmana Pandian and R. Regan

References

Ali, S., S.K. Shahzad and H. Javed, 2009. SQLIPA: An authentication mechanism against SQL injection. Eur. J. Sci. Res., 38: 604-611.

Bisht, P., P. Madhusudan and V.N. Venkatakrishnan, 2010. Candid: Dynamic candidate evaluations for automatic prevention of SQL injection attacks. ACM Trans. Inf. Syst. Security, 5: 1-39.

Boyd, S.W. and A.D. Keromytis, 2004. SQLrand: Preventing SQL injection attacks. Proceedings of the 2nd Applied Cryptography and Network Security Conference, June 8-11, 2004, Yellow Mountain, China, pp: 292-302.

Buehrer, G., B.W. Weide and P.A.G. Sivilotti, 2005. Using parse tree validation to prevent SQL injection attacks. Proceedings of the 5th International Workshop on Software Engineering and Middleware, September 5-6, 2005, Lisbon, Portugal, pp: 106-113.

Cova, M., D. Balzarotti, V. Felmetsger and G. Vigna, 2007. Swaddler: An approach for the anomaly-based detection of state violations in web applications. Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection, September 5-7, 2007, Gold Coast, Australia, pp: 63-86.

Firdos, M. and A. Sheikh, 2011. Secure query processing by blocking SQL injection attack (SQLIA). Int. J. Res. Manage., Vol. 3.

Fu, X., X. Lu, P. Verger, B.S. Chen, K. Qian and L. Tao, 2007. A static analysis framework for detecting SQL injection vulnerabilities. Proceedings of the IEEE Annual International Computer Software and Application Conference, Volume 1, July 24-27, 2007, Beijing, pp: 87-96.

Gould, C., Z. Su and P. Devanbu, 2004. JDBC checker: A static analysis tool for SQL/JDBC applications. Proceedings of the 26th International Conference on Software Engineering, May 23-28, 2004, Davis, CA., USA., pp: 697-698.

Halfond, W.G. and A. Orso, 2005. Amnesia: Analysis and monitoring for neutralizing SQL-injection attacks. Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering, November 7-11, 2005, Long Beach, CA., USA., pp: 174-183.

Halfond, W.G. and A. Orso, 2005. Combining static analysis and runtime monitoring to counter SQL-injection attacks. Proceedings of the 3rd International ICSE Workshop on Dynamic Analysis, May 2005, St. Louis, MO., USA., pp: 22-28.

Howard, M. and D. LeBlanc, 2003. Writing Secure Code. 2nd Edn., Microsoft Press, New York USA., ISBN-13: 9780735617223, pp: 768.

Huang, Y.W., C.H. Tsai, T.P. Lin, S.K. Huang, D.T. Lee and S.Y. Kuo, 2005. A testing framework for Web application security assessment. Comput. Networks, 48: 739-761.

Huang, Y.W., F. Yu, C. Hang, C.H. Tsai, D.T. Lee and S.Y. Kuo, 2004. Securing web application code by static analysis and runtime protection. Proceedings of the 13th International Conference on World Wide Web, May 17-20, 2004, ACM, New York, USA., pp: 40-52.

Kiani, M., A. Clark and G. Mohay, 2008. Evaluation of anomaly based character distribution models in the detection of SQL injection attacks. Proceedings of the 3rd International Conference on Availability, Reliability and Security, March 4-7, 2008, Barcelona, pp: 47-55.

Lee, I., S.J.S. Yeoc and J. Moond, 2011. A novel method for SQL injection attack detection based on removing SQL query attribute. J. Math. Comput. Mod., 55: 58-68.

Martin, M., B. Livshits and M.S. Lam, 2005. Finding application errors and security flaws using PQL: A program query language. Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages and Applications, Volume 40, October 16-20, 2005, San Diego, CA, USA., pp: 365-383.

Roichman, A. and E. Gudes, 2008. DIWeDa-detecting intrusions in web databases. Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security London, July 13-16, 2008, UK., pp: 313-329.

Scott, D. and R. Sharp, 2002. Abstracting application-level web security. Proceedings of the 11th International Conference on the World Wide Web, May 7-11, 2002, Honolulu, Hawaii, USA., pp: 396-407.

Su, Z. and G. Wassermann, 2006. The essence of command injection attacks in web applications. Proceedings of the 33rd ACM Symposium on Principles of Programming Languages, January 11-13, 2006, Charleston, South Carolina, USA., pp: 372-382.

Tajpour, A., S. Ibrahim and M. Masrom, 2011. SQL injection detection and prevention techniques. Int. J. Adv. Comput. Technol., 3: 82-91.

Valeur, F., D. Mutz and G. Vigna, 2005. A learning-based approach to the detection of SQL attacks. Proceedings of the 2nd International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, July 2005, Vienna, Austria, pp: 123-140.

WHID, 2010. Report from July-December 2010. Trust Wave Holdings.

Wassermann, G. and Z. Su, 2004. An analysis framework for security in web applications. Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems, October 2004, Atlanta, GA., pp: 70-78.
