Research on the Technology of Detecting the SQL Injection Attack and Non-Intrusive Prevention in WEB System

Cited by: 4
Authors
Hu, Haibin [1]
Affiliation
[1] China West Normal Univ, Educ & Informat Technol Ctr, Nanchong 637002, Sichuan, Peoples R China
Source
MATERIALS SCIENCE, ENERGY TECHNOLOGY, AND POWER ENGINEERING I | 2017 / Vol. 1839
Keywords
SQL injection attack; WEB application; non-intrusive; defense technology; GENERATION;
DOI
10.1063/1.4982570
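Chinese Library Classification number
TE [Petroleum and Natural Gas Industry]; TK [Energy and Power Engineering];
Discipline classification code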
0807 ; 0820 ;
Abstract
Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, the characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the server's ability to resist the SQL injection attack has been comprehensively improved through security strategies on the operating system, IIS, database, etc. Corresponding codes are realized. The method is well applied in actual projects.
Pages: 8
Related papers
18 in total
  • [1] An Efficient Technique for Detection and Prevention of SQL Injection Attack using ASCII Based String Matching
    Balasundaram, Indrani
    Ramaraj, E.
    [J]. INTERNATIONAL CONFERENCE ON COMMUNICATION TECHNOLOGY AND SYSTEM DESIGN 2011, 2012, 30 : 183 - 190
  • [2] CLARKE J., 2012, SQL INJECTION ATTACK
  • [3] Detecting SQL injection attacks using query result size
    Jang, Young-Su
    Choi, Jin-Young
    [J]. COMPUTERS & SECURITY, 2014, 44 : 104 - 118
  • [4] A novel method for SQL injection attack detection based on removing SQL query attribute values
    Lee, Inyong
    Jeong, Soonki
    Yeo, Sangsoo
    Moon, Jongsub
    [J]. MATHEMATICAL AND COMPUTER MODELLING, 2012, 55 (1-2) : 58 - 68
  • [5] Li Yulin, 2006, MASTERING ASP NET 2, P9
  • [6] LIU Shuai, 2009, COMPUTER KNOWLEDGE T, V5, P7870
  • [7] LIU Shuai, 2009, COMPUTER KNOWLEDGE T, V5, P7898
  • [8] Generation of SQL-injection free secure algorithm to detect and prevent SQL-injection attacks
    Natarajan, Kanchana
    Subramani, Sarala
    [J]. 2ND INTERNATIONAL CONFERENCE ON COMPUTER, COMMUNICATION, CONTROL AND INFORMATION TECHNOLOGY (C3IT-2012), 2012, 4 : 790 - 796
  • [9] Qi Mingxingchen, 2010, WHITE PAPER DEFENSE, P3
  • [10] On automated prepared statement generation to remove SQL injection vulnerabilities
    Thomas, Stephen
    Williams, Laurie
    Xie, Tao
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2009, 51 (03) : 589 - 598