عنوان المقالة:A FOUR-PHASE METHODOLOGY FOR PROTECTING WEB APPLICATIONS USING AN EFFECTIVE REAL-TIME TECHNIQUE
نبيل صالح علي | Nabeel Salih Ali | 10447
نوع النشر
مجلة علمية
المؤلفون بالعربي
Nabeel Salih Ali
الملخص العربي
Web applications have become widely pervasive in all types of Internet-based services. Thus, security is one of the major concerns as most web applications suffer from vulnerabilities, making them attractive targets for security attacks. Structured Query Language Injection Attack (SQLIA) on stored procedures poses serious threats in the underlying database of any application. This article presents the methodological issues of developing a web application SQLI protector tool to detect stored procedures of SQLIAs. Our technique uses real-time settings based on positive tainting approach, accurate and efficient taint propagation and syntax-aware evaluation of the query strings at the application level are used to detect illegal queries before they reach the database. Then, the proposed tool is evaluated based on its efficiency and effectiveness in practices. In addition, detection techniques used are also analysed. The developed tool is effective given its capability to detect and stop all SQLIAs in a real-time environment.
تاريخ النشر
18/03/2016
الناشر
Inderscience Enterprises
رابط DOI
DOI: 10.15
رابط خارجي
http://www.inderscience.com/info/inarticle.php?artid=83008
الكلمات المفتاحية
web applications; structured query language; SQL injection; SQLI attacks; injection attacks; stored
رجوع