Title :
A combined approach to prevent SQL Injection Attacks
Author :
Dogbe, Evans ; Millham, Richard ; Singh, Prashant
Author_Institution :
Durban Univ. of Technol., Durban, South Africa
Abstract :
In order to adapt to changing business requirements, information systems are often migrated to the Web but, in doing so, these systems often have their security vulnerabilities exposed to a wider range of attacks. One of the most prominent types of security attacks faced by these systems, according to Mitre Corporation, is the SQL Injection Attack (SQLIA). In this paper, we examine different approaches to detect and protect against SQLIA, each with its strengths and weaknesses, and then propose a combined approach of SQLIA prevention techniques (the fine-grained Role Based Access Control [RBAC] and static and dynamic analysis of SQL parse trees) in order to maximise the advantages of each method and to ensure that a second line of defence is provided, in case the first method fails.
Keywords :
Internet; SQL; authorisation; business data processing; information systems; program diagnostics; Mitre Corporation; RBAC; SQL injection attacks; SQL parse trees; SQLIA prevention techniques; World Wide Web; business requirements; dynamic analysis; information systems; role based access control; security vulnerabilities; static analysis; Access control; Business; Computer hacking; Data models; Monitoring; Vegetation; RBAC; SQL Injection attack; SQLIA prevention;
Conference_Title :
Science and Information Conference (SAI), 2013
Conference_Location :
London