عنوان المقالة:Protection Web Applications using Real-Time Technique to Detect Structured Query Language Injection Attacks
نبيل صالح علي | Nabeel Salih Ali | 10553
- نوع النشر
- مجلة علمية
- المؤلفون بالعربي
- Nabeel Salih Ali, Abd Samad Shibghatullah
- الملخص العربي
- At present, Web applications have been used for most of our life activities increasingly, and they affected by Structured Query Language Injection Attacks (SQLIAs). This attack is a method that attackers employ to impose the database in most of the web applications, by manipulate SQL queries, which sent to the Relational Database Management System (RDBMS). Hence, change the behavior of the applications. In This paper, developing Web Application SQLI Protector (WASP) tool in real-time web application to detect SQL injection attacks in stored procedures. Then, evaluated and analyze the developed tool respect to efficiency and effectiveness in practices. The propose technique uses realtime based on positive tainting, accurate and efficiency taint propagation, and syntax aware evaluation of the query strings at the application level to detect illegal queries before they reach at the database by using Microsoft ASP.NET. The developed tool effective due to it capable of detect and stop all SQLI attacks in real-time environment and did not generate any false negative, a few-false positive values in the results and impose minimal deploy requirements.
- تاريخ النشر
- 16/09/2016
- الناشر
- International Journal of Computer Applications
- رابط DOI
- 10.5120/ij
- رابط الملف
- تحميل (240 مرات التحميل)
- رابط خارجي
- http://www.ijcaonline.org/archives/volume149/number6/ali-2016-ijca-911424.pdf
- الكلمات المفتاحية
- Web applications, SQL Injection, Detection, WASP, Techniques.