DocumentCode :
266059
Title :
A new algorithm for detecting SQL injection attack in Web application
Author :
Lounis, Ouarda ; Bouhouita Guermeche, Salah Eddine ; Saoudi, Lalia ; Benaicha, Salah Eddine
Author_Institution :
Comput. Sci. Dept., Univ. of Mohamed Boudiaf of M´Sila, M´Sila, Algeria
fYear :
2014
fDate :
27-29 Aug. 2014
Firstpage :
589
Lastpage :
594
Abstract :
Nowadays, the security of applications and Web servers is a new trend that finds its need on the Web. The number of vulnerabilities identified in this type of applications is constantly increasing especially SQL injection attack. It is therefore necessary to regularly audit Web applications to verify the presence of exploitable vulnerabilities. Web vulnerability scanner WASAPY is one of the audit tool, it uses an algorithm which bases on a classification techniques of pages obtained by sending HTTP requests especially formatted. We propose in this paper a new algorithm which was built in a vision to improve rather to supplement the logic followed in modeling WASAPY tool. The tool was supplemented by a new class reflecting the legitimate appearance or referential, therefore, the detection mechanism was solidly built on a statistic in a fairly clear mathematical framework described by a simple geometric representation or interpretation.
Keywords :
Internet; SQL; auditing; classification; hypermedia; security of data; HTTP requests; SQL injection attack detection; WASAPY; Web application; Web server security; Web vulnerability scanner; audit tool; geometric representation; page classification technique; Couplings; Navigation; Safety; Security; Syntactics; Vectors; Web pages; SQL injection attack; Web Application; Web vulnerabilities; scanner Web; security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Science and Information Conference (SAI), 2014
Conference_Location :
London
Print_ISBN :
978-0-9893-1933-1
Type :
conf
DOI :
10.1109/SAI.2014.6918246
Filename :
6918246
Link To Document :
بازگشت