عنوان المقالة:Protection Web Applications using Real-Time Technique to Detect Structured Query Language Injection Attacks
نبيل صالح علي | Nabeel Salih Ali | 10842
نوع النشر
مجلة علمية
المؤلفون بالعربي
Nabeel Salih Ali, Abd Samad Shibghatullah
الملخص العربي
At present, Web applications have been used for most of our life activities increasingly, and they affected by Structured Query Language Injection Attacks (SQLIAs). This attack is a method that attackers employ to impose the database in most of the web applications, by manipulate SQL queries, which sent to the Relational Database Management System (RDBMS). Hence, change the behavior of the applications. In This paper, developing Web Application SQLI Protector (WASP) tool in real-time web application to detect SQL injection attacks in stored procedures. Then, evaluated and analyze the developed tool respect to efficiency and effectiveness in practices. The propose technique uses realtime based on positive tainting, accurate and efficiency taint propagation, and syntax aware evaluation of the query strings at the application level to detect illegal queries before they reach at the database by using Microsoft ASP.NET. The developed tool effective due to it capable of detect and stop all SQLI attacks in real-time environment and did not generate any false negative, a few-false positive values in the results and impose minimal deploy requirements.
تاريخ النشر
16/09/2016
الناشر
International Journal of Computer Applications
رابط DOI
10.5120/ij
رابط الملف
تحميل (240 مرات التحميل)
رابط خارجي
http://www.ijcaonline.org/archives/volume149/number6/ali-2016-ijca-911424.pdf
الكلمات المفتاحية
Web applications, SQL Injection, Detection, WASP, Techniques.
رجوع