Runtime Monitors to Detect and Prevent Union Query based SQL Injection Attacks

Cited by: 3
Authors
Dharam, Ramya [1]
Shiva, Sajjan G. [1]
Affiliation
[1] Univ Memphis, Dept Comp Sci, Memphis, TN 38152 USA
Source
PROCEEDINGS OF THE 2013 10TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: NEW GENERATIONS | 2013
Keywords
Runtime Monitors; Union Queries; SQL Injection Attacks; Data-flow Testing; Basis-path Testing;
DOI
10.1109/ITNG.2013.57
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Web applications have been increasingly used in recent years to provide online services such as banking, shopping, and social networking. These applications operate on sensitive user information, so there is a high need to assure their confidentiality, integrity, and availability. Existing pre-deployment testing techniques, tools, and methodologies do not assure complete analysis, execution, and testing of all possible behaviors of the software. As a result, the software sometimes behaves differently after deployment than it was designed to. Such a deviation in the system's behavior, also termed a "Software Anomaly," is mostly due to external attacks such as Path Traversal Attacks and SQL Injection Attacks, which in turn affect confidential user information stored in the application. In this paper, we present and evaluate a framework called Runtime Monitoring Framework to handle union query based SQL Injection Attacks.
Pages: 357-362
Number of pages: 6