Improvement in diversify active defense for web application by using language and database heterogeneity

摘要

According to OWASP selected web application Top 10 vulnerabilities in 2013 and 2017, structured query language (SQL) injection is consistently ranked the 1st. Therefore, the protection of SQL injection, which is one of the most prevalent and pernicious security issues, requires strengthening. Furthermore, there are numerous unknown vulnerabilities and potential threats in cyber-space. In this case, the active defense based on structural diversity can play an effective role to prevent the hacker from exploiting known or unknown vulnerabilities. And on the basis of structural diversity, we propose a modified method, heterogeneous language, combined with heterogeneous database in data storage layer, to establish an active defense model for data security. We empirically assess the impact of the vulnerability and conclude by testing the accuracy and performance, showing that our security model can not suffer from the same vulnerability as the unprotected one. Finally, the future work and research direction are discussed.