Asian Journal of Information Technology

Year: 2017
Volume: 16
Issue: 6
Page No. 451 - 457

A Flexible and Extendable Data Mining Based Generic Framework for Preventing SQL Injection Attacks

Authors : J. Pradeep Kumar, A. Udaya Kumar and T. Ravi

References

Ali, A.B.M., A.Y.I. Shakhatreh, M.S. Abdullah and J. Alostad, 2011. SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks. Procedia Comput. Sci., 3: 453-458.

Antunes, N. and M. Vieira, 2009. Comparing the effectiveness of penetration testing and static code analysis on the detection of SQL injection vulnerabilities in web services. Proceedings of the 15th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC'09), November 16-18, 2009, IEEE, Shanghai, China, ISBN:978-0-7695-3849-5, pp: 301-306.

Antunes, N. and M. Vieira, 2009. Detecting SQL injection vulnerabilities in web services. Proceedings of the 4th Latin-American Symposium on Dependable Computing, September 1-4, 2009, Joao Pessoa, pp: 17-24.

Antunes, N., N. Laranjeiro, M. Vieira and H. Madeira, 2009. Effective detection of SQL/xpath injection vulnerabilities in web services. Proceedings of the IEEE International Conference on Services Computing, September 21-25, 2009, Bangalore, pp: 260-267.

Bandhakavi, S., P. Bisht, P. Madhusudan and V.N. Venkatakrishnan, 2007. CANDID: Preventing SQL injection attacks using dynamic candidate evaluations. Proceedings of the 14th ACM International Conference on Computer and Communications Security, October 28, 2007, ACM, New York, USA., ISBN:978-1-59593-703-2, pp: 12-24.

Buehrer, G., B.W. Weide and P.A.G. Sivilotti, 2005. Using parse tree validation to prevent SQL injection attacks. Proceedings of the 5th International Workshop on Software Engineering and Middleware, September 5-6, 2005, Lisbon, Portugal, pp: 106-113.

Chapela, V., 2005. Advanced SQL injection. MCS Thesis, OWASP, Maryland, USA.

Ciampa, A., C.A. Visaggio and D.M. Penta, 2010. A heuristic-based approach for detecting SQL-injection vulnerabilities in Web applications. Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, May 02, 2010, ACM, New York, USA., ISBN:978-1-60558-965-7, pp: 43-49.

Clarke, J., 2012. SQL Injection Attacks and Defense. Elsevier, Amsterdam, Netherlands, ISBN:978-1-59749-963-7, Pages: 547.

Das, D., U. Sharma and D.K. Bhattacharyya, 2010. An approach to detection of SQL injection vulnerabilities based on dynamic query matching. Intl. J. Comput. Appl., 1: 39-45.

Doug, A.N.T.S.G. and G.D. Evans, 2004. Automatically hardening web applications using precise tainting. Master Thesis, University of Virginia, Charlottesville, Virginia.

Dysart, F. and M. Sherriff, 2008. Automated fix generator for SQL injection attacks. Proceedings of the 19th International Symposium on Software Reliability Engineering, November 10-14, 2008, IEEE, Seattle, Washington, ISBN:978-0-7695-3405-3, pp: 311-312.

Fayo, E.M., 2005. Advanced SQL injection in Oracle databases. Mandalay Bay, Nevada, USA.

Ficco, M., L. Coppolino and L. Romano, 2009. A weight-based symptom correlation approach to SQL injection attacks. Proceedings of the 4th Latin-American International Symposium on Dependable Computing (LADC'09), September 1-4, 2009, IEEE, Joao Pessoa, Brazil, ISBN:978-1-4244-4678-0, pp: 9-16.

Fonseca, J., M. Vieira and H. Madeira, 2007. Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks. Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing, December 17-19, 2007, Melbourne, Qld, pp: 365-372.

Fu, X. and K. Qian, 2008. SAFELI: SQL injection scanner using symbolic execution. Proceedings of the Workshop on Testing, Analysis and Verification of Web Services and Applications, July 20-24, 2008, Seattle, WA., USA., pp: 34-39.

Fu, X., X. Lu, P. Verger, B.S. Chen, K. Qian and L. Tao, 2007. A static analysis framework for detecting SQL injection vulnerabilities. Proceedings of the IEEE Annual International Computer Software and Application Conference, Volume 1, July 24-27, 2007, Beijing, pp: 87-96.

Halder, R. and A. Cortesi, 2010. Obfuscation-based analysis of SQL injection attacks. Proceedings of the IEEE Symposium on Computers and Communications, June 22-25, 2010, Riccione, Italy, pp: 931-938.

Halfond, W.G. and A. Orso, 2005. Amnesia: Analysis and monitoring for neutralizing SQL-injection attacks. Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering, November 7-11, 2005, Long Beach, CA., USA., pp: 174-183.

Halfond, W.G. and A. Orso, 2005. Combining static analysis and runtime monitoring to counter SQL-injection attacks. Proceedings of the ACM International Conference on SIGSOFT Software Engineering Notes Vol. 30, May 17, 2005, ACM, New York, USA., pp: 1-7.

Johari, R. and P. Sharma, 2012. A survey on web application vulnerabilities (SQLIA, XSS) exploitation and security engine for SQL injection. Proceedings of the International Conference on Communication Systems and Network Technologies, May 11-13, 2012, Rajkot, pp: 453-458.

Kals, S., E. Kirda, C. Kruegel and N. Jovanovic, 2006. Secubat: A web vulnerability scanner. Proceedings of the 15th International Conference on World Wide Web, May 22-26, 2006, ACM, New York, USA., ISBN:1-59593-323-9, pp: 247-256.

Khoury, N., P. Zavarsky, D. Lindskog and R. Ruhl, 2011. An analysis of black-box web application security scanners against stored SQL injection. Proceedings of the 2011 IEEE 3rd International Conference on Privacy, Security, Risk and Trust (PASSAT) and Social Computing (SocialCom), October 9-11, 2011, IEEE, Boston, Massachusetts, USA., ISBN:978-1-4577-1931-8, pp: 1095-1101.

Kiani, M., A. Clark and G. Mohay, 2008. Evaluation of anomaly based character distribution models in the detection of SQL injection attacks. Proceedings of the 3rd International Conference on Availability, Reliability and Security, March 4-7, 2008, Barcelona, pp: 47-55.

Kiezun, A., P.J. Guo, K. Jayaraman and M.D. Ernst, 2009. Automatic creation of SQL injection and cross-site scripting attacks. Proceedings of the 31st International Conference on Software Engineering, May 20-22, 2009, Vancouver, BC, Canada, pp: 199-209.

Kindy, D.A. and A.S.K. Pathan, 2011. A survey on SQL injection: Vulnerabilities, attacks and prevention techniques. Proceedings of the IEEE 15th International Symposium on Consumer Electronics, June 14-17, 2011, Singapore, pp: 468-471.

Laranjeiro, N., M. Vieira and H. Madeira, 2009. Protecting Database Centric Web Services against SQL/XPath Injection Attacks. In: Database and Expert Systems Applications, Kung, J. and W. Roland (Eds.). Springer, Berlin, Germany, ISBN:978-3-642-03572-2, pp: 271-278.

Lee, I., S.J.S. Yeoc and J. Moond, 2011. A novel method for SQL injection attack detection based on removing SQL query attribute. J. Math. Comput. Mod., 55: 58-68.

Litchfield, D., 2005. Data-mining with SQL injection and inference. Next Generation Security Software Ltd., Manchester, UK. https://www.exploit-db.com/docs/215.pdf.

Liu, A., Y. Yuan, D. Wijesekera and A. Stavrou, 2009. SQLProb: A proxy-based architecture towards preventing SQL injection attacks. Proceedings of the ACM Symposium on Applied Computing, March 8-12, 2009, Honolulu, HI., USA., pp: 2054-2061.

McClure, R.A. and I.H. Kruger, 2005. SQL DOM: Compile time checking of dynamic SQL statements. Proceedings of the 27th International Conference on Software Engineering (ICSE 2005), May 15-21, 2005, IEEE, California, USA., ISBN:1-59593-963-2, pp: 88-96.

Merlo, E., D. Letarte and G. Antoniol, 2006. Insider and outsider threat-sensitive SQL injection vulnerability analysis in PHP. Proceedings of the 13th International Working Conference on Reverse Engineering (WCRE'06), October 23-27, 2006, IEEE, Benevento, Italy, pp: 147-156.

Merlo, E., D. Letarte and G. Antoniol, 2007. Automated protection of PHP applications against SQL-injection attacks. Proceedings of the 11th European International Conference on Software Maintenance and Reengineering (CSMR'07), March 21-23, 2007, IEEE, Amsterdam, Netherlands, pp: 191-202.

Mitropoulos, D. and D. Spinellis, 2009. SDriver: Location-specific signatures prevent SQL injection attacks. Comput. Secur., 28: 121-129.

Orso, A., W. Lee and A. Shostack, 2008. Preventing SQL code injection by combining static and runtime analysis. Master Thesis, Defense Technical Information Center, Fort Belvoir, Virginia, USA.

Rietta, F.S., 2006. Application layer intrusion detection for SQL injection. Proceedings of the 44th Annual International Conference on Southeast Regional, March 10-12, 2006, ACM, New York, USA., ISBN:1-59593-315-8, pp: 531-536.

Shahriar, H. and M. Zulkernine, 2008. MUSIC: Mutation-based SQL injection vulnerability checking. Proceedings of the 8th International Conference on Quality Software, August 12-13, 2008, Oxford, pp: 77-86.

Shin, Y., W. Laurie and X. Tao, 2006. SQLUnitGen: SQL injection testing using static and dynamic analysis. Master Thesis, Department of Computer Science, North Carolina State University, Raleigh, North Carolina.

Shrivastava, S. and R.R.K. Tripathi, 2012. Attacks due to SQL injection and their prevention method for web-application. Intl. J. Comput. Sci. Inf. Technol., 3: 3615-3618.

Tajpour, A., M. Massrum and M.Z. Heydari, 2010. Comparison of SQL injection detection and prevention techniques. Proceeding of the 2nd International Conference Education Technology and Computer, June 22-24, 2010, Shanghai, pp: 174-179.

Tajpour, A., M.Z. Heydari, M. Masrom and S. Ibrahim, 2010. SQL injection detection and prevention tools assessment. Proceedings of the 2010 3rd IEEE International Conference on Computer Science and Information Technology (ICCSIT) Vol. 9, July 9-11, 2010, IEEE, Chengdu, China, ISBN:978-1-4244-5537-9, pp: 518-522.

Tajpour, A., Z. JorJor and M. Shooshtari, 2010. Evaluation of SQL injection detection and prevention techniques. Proceeding of the 2nd International Conference Computational Intelligence, Communication Systems and Networks, July 28-30, 2010, Liverpool, pp: 216-221.

Thomas, S. and L. Williams, 2007. Using automated fix generation to secure SQL statements. Proceedings of the 3rd International Workshop on Software Engineering for Secure Systems, May 20-26, 2007, IEEE, Washington, DC., USA., pp: 1-10.

Thomas, S., L. Williams and T. Xie, 2009. On automated prepared statement generation to remove SQL injection vulnerabilities. Inform. Software Technol., 51: 589-598.

Vieira, M., N. Antunes and H. Madeira, 2009. Using web security scanners to detect vulnerabilities in web services. Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks, June 29-July 2, 2009, Lisbon, Portugal, pp: 566-571.

Wang, J., R.C.W. Phan, J.N. Whitley and D.J. Parish, 2010. Augmented attack tree modeling of SQL injection attacks. Proceedings of the 2nd IEEE International Conference on Information Management and Engineering, April 16-18, 2010, Chengdu, pp: 182-186.

Wei, K., M. Muthuprasanna and S. Kothari, 2006. Preventing SQL injection attacks in stored procedures. Proceedings of the International Conference on Software Engineering Australian, April 18-21, 2006, IEEE, Sydney, New South Wales, Australia, pp: 1-8.
