Title :
Runtime Monitors to Detect and Prevent Union Query Based SQL Injection Attacks
Author :
Dharam, Ramya ; Shiva, Sajjan G.
Author_Institution :
Dept. of Comput. Sci., Univ. of Memphis, Memphis, TN, USA
Abstract :
Web applications are increasingly used in recent years to provide online services such as banking, shopping, social networking, etc. These applications operate with sensitive user information and hence there is a high need for assuring their confidentiality, integrity, and availability. Existing pre-deployment testing techniques, tools, and methodologies do not assure complete analysis, execution and testing of all possible behaviors of the software. This causes the software to sometimes behave differently than what it was designed for during its post-deployment. Such a deviation in the system\´s behavior, also termed as "Software Anomaly," is mostly due to external attacks such as Path Traversal Attacks, SQL Injection Attacks, etc., that in turn affect confidential user information stored in the application. In this paper, we present and evaluate a framework called Runtime Monitoring Framework to handle union query based SQL Injection Attacks.
Keywords :
Internet; SQL; data flow analysis; query processing; security of data; system monitoring; Web applications; runtime monitors; software anomaly; union query based SQL injection attack detection; union query based SQL injection attack prevention; Databases; Law; Monitoring; Runtime; Software; Testing; Basis-path Testing; Data-flow Testing; Runtime Monitors; SQL Injection Attacks; Union Queries;
Conference_Titel :
Information Technology: New Generations (ITNG), 2013 Tenth International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-0-7695-4967-5
DOI :
10.1109/ITNG.2013.57
