Defending Web Applications from SQL Injection Attacks using Reliable and Economic Web Application Firewall
2018
Zenodo
By using this attack more than 30,000 websites have been attacked in this year. In this type of attack, the attacker injects SQL commands at entry points of web application to access the database. ...
In this paper, we have developed a technique which implements a Reliable and Economical Web Application Firewall (REWAF) to prevent all types of SQL Injection Attacks. ...
It contains two phases: a learning phase, where SQL commands and transaction profiles are extracted and a detection phase, where learned profiles are used to concurrently detect SQL-based attacks. ...
doi:10.5281/zenodo.2263717
fatcat:u2fry7h535havgwny6qdj26zri
An Efficient Technique for Detection and Prevention of SQL Injection Attack in cloud
2018
International Journal for Research in Applied Science and Engineering Technology
To detect SQL injection attacks performing its prevention by implementing Apriori algorithm. ...
Typical SQL injection attack and prevention technologies are introduced in the paper. We propose the technique to prevent SQL injection attack. ...
Similarly we can integrate intrusion detection with dynamic profiling and event correlation to identify vulnerability of SQL injection attack. ...
doi:10.22214/ijraset.2018.4447
fatcat:dpgl32fgorgmxcqzpgewpo6oli
A Survey on the Detection of SQL Injection Attacks and Their Countermeasures
2015
Journal of Information Processing Systems
The Structured Query Language (SQL) Injection continues to be one of greatest security risks in the world according to the Open Web Application Security Project's (OWASP) [1] Top 10 Security vulnerabilities ...
As the countermeasures become more sophisticated, SQL Injection Attacks also continue to evolve, thus thwarting the attempt to eliminate this attack completely. ...
Detecting and Preventing SQL Injection Attacks In order to prevent SQLIAs many techniques have been proposed. ...
doi:10.3745/jips.03.0024
fatcat:lghaxb7klvd7bbzd7syi2fa3oq
Application layer intrusion detection for SQL injection
2006
Proceedings of the 44th annual southeast regional conference on - ACM-SE 44
SQL injection attacks potentially affect all applications, especially web applications, that utilize a database backend. ...
This paper examines the threat from SQL injection attacks, the reasons traditional database access control is not sufficient to stop them, and some of the techniques used to detect them. ...
An ideal solution is to create an IDS sensor to be situated at the database server that will detect SQL injection attacks. ...
doi:10.1145/1185448.1185564
dblp:conf/ACMse/Rietta06
fatcat:gikohl5qmfbydb2gybx3g4eo5u
Intrusion Detection Framework for SQL Injection
[article]
2020
arXiv
pre-print
In this paper, we are proposing a new approach to detect intrusion from attackers by using SQL injection. ...
These Databases irrespective of the technology used are vulnerable to SQL injection attacks. These Attacks are considered very dangerous as well as very easy to use for attackers and intruders. ...
For this reason we recommend to run this framework at the database end when all possible SQL injection attacks are meant to be detected. ...
arXiv:2009.13868v1
fatcat:frctiahexjg7zbqeo3n66zsll4
Preventing SQL-Based Attacks Using Intrusion Detection System
2013
International Journal of Science and Engineering Applications
This makes web applications vulnerable to several attacks. Among these attacks SQL injection is considered most dangerous vulnerability. ...
This paper describes various approaches used by authors to prevent SQL injection attack using various methods like intrusion detection, black box testing etc. ...
Nowadays, web applications are vulnerable to many attacks and injecting commands is in the top of this list [2]. ...
doi:10.7753/ijsea0206.1006
fatcat:hknhukdjbvellhjgmakn7fjhsy
DIWeDa - Detecting Intrusions in Web Databases
[chapter]
2008
Lecture Notes in Computer Science
We use a novel SQL Session Content Anomaly intrusion classifier and this enables us to detect not only most known attacks such as SQL Injections, but also more complex kinds of attacks such as Business ...
Contrary to any existing database intrusion detection method, our method works at the session level and not at the SQL statement or transaction level. ...
This is very important because SQL injection attacks are too common today and many web applications are prone to them. ...
doi:10.1007/978-3-540-70567-3_24
fatcat:widhgowf2bhgvi3sdjwqqh2evi
Mechanisms for database intrusion detection and response
2008
Proceedings of the 2nd SIGMOD PhD workshop on Innovative database research - IDAR '08
The key idea is to learn profiles of users and applications interacting with a database. A database request that deviates from these profiles is then termed as anomalous. ...
Our strategy is to develop an Intrusion Detection (ID) mechanism, implemented within the database server, that is capable of detecting anomalous user requests to a DBMS. ...
Detecting SQL Injection Attacks SQL Injection is an attack exploiting applications that construct SQL statements from user-supplied input. ...
doi:10.1145/1410308.1410318
fatcat:6kdk22xvojhbpizhmzqau4w7te
Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection
2012
International Journal of Advanced Computer Science and Applications
Databases at the background of e-commerce applications are vulnerable to SQL injection attack which is considered as one of the most dangerous web attacks. ...
In this paper we propose a framework based on misuse and anomaly detection techniques to detect SQL injection attack. ...
One of the most serious types of attack against web applications is SQL injection. ...
doi:10.14569/ijacsa.2012.030321
fatcat:nt2kaelnk5dwrg4pvd53nk4t7u
A Learning-Based Approach to the Detection of SQL Attacks
[chapter]
2005
Lecture Notes in Computer Science
If user input is not sanitized correctly, it is possible to mount a variety of attacks that leverage web-based applications to compromise the security of back-end databases. ...
Unfortunately, it is not always possible to identify these attacks using signature-based intrusion detection systems, because of the ad hoc nature of many web-based applications. ...
SQL Injection SQL injection is a class of attacks where un-sanitized user input is able to change the structure of an SQL query so that when it is executed it has an unintended effect on the database. ...
doi:10.1007/11506881_8
fatcat:74spjju25vdzpa6i2hhrpen6cy
RBAC+: Protecting Web Databases With Access Control Mechanism
2012
INTERNATIONAL JOURNAL OF MANAGEMENT & INFORMATION TECHNOLOGY
In this paper, RBAC+ Model, an extension of NIST RBAC provides an application-aware access control system to prevent attacks with the notion of application, application profile and sub-application session ...
In web-based applications, due to the use of n-tier architecture, the database server has no knowledge of the web application user and hence all authorization decisions are based upon execution of specific ...
One way to protect web databases from attack like SQL injection is to use ad-hoc tools which are used to detect the attack [3]. ...
doi:10.24297/ijmit.v2i1.1407
fatcat:asizaxy34jcbjhqlud2fwu2n4e
SQL Injection Detection and Prevention Techniques in ASP.NET Web Application
2019
International journal of recent technology and engineering
Injection in SQL (structure query language) is one of the threats to web-based apps, mobile apps and even desktop applications associated to the database. ...
To use this sort of attacks may readily hack applications and grab the private information by the attacker. ...
SQL injection attacks were associated with infringement of several high-profile information as seen in Table 2 below. Table 2 shows SQL injection attack from year 2009 to 2019.
doi:10.35940/ijrte.c6319.098319
fatcat:74iphf22mfd2tnoip4wnn3hsym
Rule based Detection of SQL Injection Attack
2012
International Journal of Computer Applications
This paper presents an effective detection method RDUD for SQL injection attack. RDUD is an enhanced version of DUD [1]. ...
Two web profiles - (i) legitimate web profile and (ii) attack web profile are generated for each of the web-application software which consists of a set of production rules extracted from the dynamic SQL ...
It is claimed that the SQL Injection scored highest rank among the web-application attacks. ...
doi:10.5120/6210-8812
fatcat:iezrxhnybzadnmq5vloyfpmjfm
Securing Web Applications against Structured Query Language Injection Attacks using a Hybrid Approach: Input Filtering and Web Application Firewall
2018
International Journal of Computer Applications
It seeks to create knowledge on work done by others in the area of SQL injection attacks in web applications which remains a threat up-to-date despite the numerous studies done on the same field. ...
In this paper, a literature review of the SQL injection attacks and their mitigation is presented. It shows that the study of SQL injection in general has been conducted in diverse range of areas. ...
Blind SQL injection Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. ...
doi:10.5120/ijca2018917666
fatcat:vwnfnfqwh5ak3huiewq3ae5mzm
Opportunistic Diversity-Based Detection of Injection Attacks in Web Applications
2018
EAI Endorsed Transactions on Security and Safety
In this work, we propose to employ opportunistic diversity inherent to Web applications and their database backends to detect injection attacks. ...
On the other hand, diversity has long been considered as a viable approach to detecting security attacks since functionally similar but internally different variants of an application will likely respond ...
For SQL Server database, we use Microsoft SQL Profiler to create a trace and save runtime queries to a user designated table. ...
doi:10.4108/eai.11-12-2018.156032
fatcat:4rbyn3sgfnctboeft44ng5f7zu