SQLStor: Blockage of stored procedure SQL injection attack using dynamic query structure validation

机译：SQLStor：使用动态查询结构验证阻止存储过程SQL注入攻击

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. This method prevents different kinds of injection attacks including stored procedure attack which is more difficult and less considered in the literature.

机译：Web应用程序正在成为我们日常生活的重要组成部分。因此，针对他们的攻击也迅速增加。在这些攻击中，SQL注入攻击（SQLIA）扮演着主要角色。本文提出了一种防止JSP Web应用程序中SQL注入攻击的新方法。基本思想是在执行之前检查SQL查询的预期结构。为此，我们使用语义比较。这种方法可以防止各种类型的注入攻击，包括存储过程攻击，这在文献中更为困难且较少考虑。

著录项

来源
《2012 12th International Conference on Intelligent Systems Design and Applications.》|2012年|p.240-245|共6页
会议地点 Kochi(IN);Kochi(IN)
作者
Mamadhan Sruthy; Manesh T; Paul Varghese;
展开▼
作者单位

Department of CS, Adi Shankara Institute of Engineering Technology, Kalady, India;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类人工智能理论;人工智能理论;
关键词
Arraylist; Parse Tree; SQL injection; Semantics; Web application;

机译：Arraylist;解析树; SQL注入;语义; Web应用程序;;
入库时间 2022-08-26 14:01:01

相似文献

外文文献
中文文献
专利

1. Development and Validation of Queries Using Structured Query Language (SQL) to Determine the Utilization of Comparison Imaging in Radiology Reports Stored on PACS [J] . Paras Lakhani M.D., Elliot D. Menschik M.D., Ph.D., Journal of Digital Imaging . 2006,第1期

机译：开发和验证查询，使用结构化查询语言（SQL）确定存储在PACS上的放射学报告中比较成像的利用率
2. Blocking of SQL Injection Attacks by Comparing Static and Dynamic Queries [J] . Jaskanwal Minhas, Raman Kumar International Journal of Computer Network and Information Security . 2013,第2期

机译：通过比较静态和动态查询来阻止SQL注入攻击
3. SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel [J] . Paul R. McWhirter, Kashif Kifayat, Qi Shi, Information Security Technical Report . 2018,第JUNa期

机译：通过使用Gap-Weighted字符串子序列内核提取SQL查询字符串的特征来进行SQL Injection Attack分类
4. SQLStor: Blockage of stored procedure SQL injection attack using dynamic query structure validation [C] . Mamadhan Sruthy, Manesh T, Paul Varghese International Conference on Intelligent Systems Design and Applications . 2012

机译：SQLSTOR：使用动态查询结构验证阻塞存储过程SQL注入攻击
5. Scalable Conversion of Textual Unstructured Data to NoSQL Graph Representation Using Berkeley DB Key-Value Store for Efficient Querying [D] . Varghese, Jasmine Manoj. 2017

机译：使用Berkeley DB键值存储将文本非结构化数据可扩展转换为NoSQL图形表示形式，以实现高效查询
6. Development and Validation of Queries Using Structured Query Language (SQL) to Determine the Utilization of Comparison Imaging in Radiology Reports Stored on PACS [O] . Paras Lakhani, Elliot D. Menschik, Alberto F. Goldszal, 2006

机译：开发和验证查询使用结构化查询语言（SQL）确定存储在PACS上的放射学报告中比较成像的利用率
7. Development and Validation of Queries Using Structured Query Language (SQL) to Determine the Utilization of Comparison Imaging in Radiology Reports Stored on PACS [O] . Lakhani, Paras, Menschik, Elliot D., Goldszal, Alberto F., 2006

机译：开发和验证查询，使用结构化查询语言（SQL）确定存储在PACS上的放射学报告中比较成像的利用率

SQLStor: Blockage of stored procedure SQL injection attack using dynamic query structure validation

摘要

著录项

相似文献

相关主题

期刊订阅