Title :
A new algorithm for detecting SQL injection attack in Web application
Author :
Lounis, Ouarda ; Bouhouita Guermeche, Salah Eddine ; Saoudi, Lalia ; Benaicha, Salah Eddine
Author_Institution :
Comput. Sci. Dept., Univ. of Mohamed Boudiaf of M'Sila, M'Sila, Algeria
Abstract :
Nowadays, the security of applications and Web servers is a new trend that answers a need on the Web. The number of vulnerabilities identified in this type of application is constantly increasing, especially SQL injection attacks. It is therefore necessary to regularly audit Web applications to verify the presence of exploitable vulnerabilities. The Web vulnerability scanner WASAPY is one such audit tool; it uses an algorithm based on classification techniques applied to pages obtained by sending specially formatted HTTP requests. We propose in this paper a new algorithm, built with a view to improving, or rather supplementing, the logic followed in modeling the WASAPY tool. The tool was supplemented by a new class reflecting the legitimate, or referential, appearance; the detection mechanism was therefore solidly built on a statistic, in a fairly clear mathematical framework described by a simple geometric representation or interpretation.
Keywords :
Internet; SQL; auditing; classification; hypermedia; security of data; HTTP requests; SQL injection attack detection; WASAPY; Web application; Web server security; Web vulnerability scanner; audit tool; geometric representation; page classification technique; Couplings; Navigation; Safety; Security; Syntactics; Vectors; Web pages; SQL injection attack; Web Application; Web vulnerabilities; scanner Web; security;
Conference_Title :
Science and Information Conference (SAI), 2014
Conference_Location :
London
Print_ISBN :
978-0-9893-1933-1
DOI :
10.1109/SAI.2014.6918246