Authors: | Kemalis K., Tzouramanis T. |
---|
Title: | SQL-IDS: A Specification-based Approach for SQL-Injection Detection |
---|
Conference: | 23rd ACM Symposium on Applied Computing (ACM SAC 2008) - Computer Security Track |
---|
Editors: | |
---|
Ed: | No |
---|
Eds: | No |
---|
Pages: | |
---|
To appear: | No |
---|
Month: | March |
---|
Year: | 2008 |
---|
Location: | Fortaleza, Ceara, Brazil |
---|
Publisher: | ACM Press, http://tinyurl.com/qxu74na |
---|
Link: | |
---|
File name: | |
---|
Abstract: | Vulnerabilities in web applications allow malicious users to obtain unrestricted access to private and confidential information. SQL injection attacks rank at the top of the list of threats directed at any database-driven application written for the Web. An attacker can take advantage of web application programming security flaws and pass unexpected malicious SQL statements through a web application for execution by the back-end database. This paper proposes a novel specification-based methodology for the detection of exploitations of SQL injection vulnerabilities. The new approach, on the one hand, utilizes specifications that define the intended syntactic structure of SQL queries that are produced and executed by the web application and, on the other hand, monitors the application for executing queries that are in violation of the specification. |