Title :
Evaluation of SQL Injection Detection and Prevention Techniques
Author :
Tajpour, Atefeh ; Shooshtari, Mohammad JorJor zade
Author_Institution :
Centre for Adv. Software Eng. (CASE), Univ. Technol. Malaysia, Kuala Lumpur, Malaysia
Abstract :
Database driven web application are threaten by SQL Injection Attacks (SQLIAs) because this type of attack can compromise confidentiality and integrity of information in databases. Actually, an attacker intrudes to the web application database and consequently, access to data. For stopping this type of attack different approaches have been proposed by researchers but they are not enough because usually they have limitations. Indeed, some of these approaches have not implemented yet and also most of implemented approaches cannot stop all type of attacks. In this paper all type of SQL injection attack and also different approaches which can detect or prevent them are presented. Finally we evaluate these approaches against all types of SQL injection attacks and deployment requirements.
Keywords :
Internet; SQL; data integrity; data privacy; query processing; security of data; SQL injection attacks; SQL injection detection; SQL injection prevention; data access; database driven Web application; information confidentiality; information integrity; SQL Injection Attacks; detection; evaluation; prevention; technique.;
Conference_Titel :
Computational Intelligence, Communication Systems and Networks (CICSyN), 2010 Second International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4244-7837-8
Electronic_ISBN :
978-0-7695-4158-7
DOI :
10.1109/CICSyN.2010.55
