Web application protection against SQL injection attack

Alazab, Ammar, Alazab, Moutaz, Abawajy, Jemal and Hobbs, Michael 2011, Web application protection against SQL injection attack, in ICITA 2011 : Proceedings of the 7th International Conference on Information Technology and Applications ICITA 2011, [IEEE], [Sydney, N.S.W], pp. 1-7.

Title Web application protection against SQL injection attack
Author(s) Alazab, Ammar
Alazab, Moutaz
Abawajy, Jemal
Hobbs, Michael
Conference name International Conference on Information Technology and Applications (7th : 2011 : Sydney, N.S.W.)
Conference location Sydney, N.S.W.
Conference dates 21-24 Nov. 2011
Title of proceedings ICITA 2011 : Proceedings of the 7th International Conference on Information Technology and Applications ICITA 2011
Editor(s) [Unknown]
Publication date 2011
Conference series International Conference on Information Technology and Applications
Start page 1
End page 7
Total pages 7
Publisher [IEEE]
Place of publication [Sydney, N.S.W]
Keyword(s) vulnerabilities
web application security
cybercrime
SQL injection
SQLIA
Summary SQL injection vulnerabilities pose a severe threat to web applications, as an SQL Injection Attack (SQLIA) can adopt new obfuscation techniques to evade and thwart countermeasures such as Intrusion Detection Systems (IDS). SQLIA gains access to the back-end database of vulnerable websites, allowing hackers to execute SQL commands in a web application, resulting in financial fraud and website defacement. The lack of existing models providing protection against SQL injection has motivated this paper to present a new and enhanced model against web database intrusions that use SQLIA techniques. In this paper, we propose a novel concept of negative tainting along with SQL keyword analysis for preventing SQLIA and describe the implementation. We have tested our proposed model on all types of SQLIA techniques by generating SQL queries containing legitimate SQL commands and SQL injection attacks. Evaluations have been performed using three different applications. The results show that our model protects against 100% of tested attacks before they even reach the database layer.
ISBN 9780980326741
Language eng
Field of Research 080501 Distributed and Grid Systems
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category E1 Full written paper - refereed
HERDC collection year 2011
Copyright notice ©2011, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30044843
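The summary above describes combining taint tracking of untrusted input with SQL keyword analysis so that an injected query is rejected before it reaches the database. The following is an added illustration of that general idea, not the authors' negative-tainting model or code from the paper: it builds a query from a trusted template with `?` placeholders (an assumed convention), records which character ranges came from untrusted values, tokenises the result, and flags any SQL keyword, operator, comment or quote delimiter that originates from a tainted range. The keyword list and the sample queries are constructed for the example.

```python
import re

# Small, illustrative keyword list (assumption: a real deployment would use the
# full keyword set of the target database dialect).
SQL_KEYWORDS = {
    "select", "union", "insert", "update", "delete", "drop", "or", "and",
    "where", "from", "into", "exec", "sleep", "benchmark", "waitfor", "like",
    "having", "order", "by", "limit", "xp_cmdshell",
}

# Tokeniser for a simplified SQL lexicon; each alternative is a named group so
# that m.lastgroup tells us what kind of token matched.
TOKEN_RE = re.compile(r"""
    (?P<comment>--[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:''|[^'])*'|"(?:""|[^"])*")
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<space>\s+)
  | (?P<punct>.)
""", re.VERBOSE | re.DOTALL)


def build_query(template, values):
    """Splice untrusted values into a trusted template.

    Returns the final query string and a list of (start, end) half-open
    character spans that were contributed by the untrusted values.
    """
    parts = template.split("?")
    if len(parts) - 1 != len(values):
        raise ValueError("placeholder/value count mismatch")
    out, spans, pos = [], [], 0
    for i, part in enumerate(parts):
        out.append(part)
        pos += len(part)
        if i < len(values):
            v = str(values[i])
            spans.append((pos, pos + len(v)))  # this range is tainted
            out.append(v)
            pos += len(v)
    return "".join(out), spans


def check_query(template, values):
    """Return (query, violations); an empty violation list means the untrusted
    input only ever landed inside a literal and never altered query structure."""
    query, spans = build_query(template, values)

    def tainted(i):
        return any(s <= i < e for s, e in spans)

    violations = []
    for m in TOKEN_RE.finditer(query):
        kind, tok = m.lastgroup, m.group(0)
        if kind in ("space", "number"):
            continue  # a number supplied by the user is harmless on its own
        if kind == "string":
            # The literal's delimiters must come from the template; a tainted
            # quote means the input opened or closed a string literal itself.
            if tainted(m.start()) or tainted(m.end() - 1):
                violations.append((kind, tok))
            continue
        if any(tainted(i) for i in range(m.start(), m.end())):
            if kind == "word" and tok.lower() in SQL_KEYWORDS:
                kind = "keyword"
            violations.append((kind, tok))
    return query, violations


if __name__ == "__main__":
    # Constructed samples: two benign requests and three classic injections.
    cases = [
        ("SELECT * FROM users WHERE name = '?'", ["alice"]),
        ("SELECT * FROM users WHERE id = ?", [42]),
        ("SELECT * FROM users WHERE name = '?'", ["' OR 1=1 --"]),
        ("SELECT * FROM users WHERE id = ?", ["42 OR 1=1"]),
        ("SELECT * FROM users WHERE name = '?'",
         ["x' UNION SELECT username, password FROM users --"]),
    ]
    for template, values in cases:
        q, v = check_query(template, values)
        print("BLOCK " if v else "ALLOW ", q, v)
```

The decision is made on the assembled query string before any database call, which is the point of the summary's "before even reaching the database layer". Note that an apostrophe in legitimate data (`O'Brien`) is also flagged, because the unescaped quote closes the literal early; the correct remedy is for the application to escape it or, better, to use parameterised queries, not to whitelist the quote.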

Document type: Conference Paper
Collection: School of Information Technology
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Created: Tue, 01 May 2012, 11:01:51 EST
