An Improved Approach for SQL Injection Vulnerabilities Detection

Cited by: 0
Authors
Zhang, Zongzhi [1]
Wen, Qiaoyan [1]
Zhang, Zhao [1]
Affiliations
[1] Beijing Univ Posts & Telecommun, State Key Lab Network & Switching Technol, Beijing 100876, Peoples R China
Keywords
SQL injection; web applications; penetration test
DOI
10.4028/www.scientific.net/AMM.263-266.3017
Chinese Library Classification number
TP39 [Computer applications]
Discipline classification code
081203; 0835
Abstract
The attack of SQL injection is a well-known threat to web applications, which leads to great damages of confidentiality and integrity of information in databases. Therefore, it is essential for each web application to detect SQL injection vulnerabilities and eliminate the hidden danger. In this paper, an approach based on penetration testing named YUKIER is proposed to achieve higher effectiveness and preciseness on identifying security vulnerabilities. We compare YUKIER with SQLiX and Paros Proxy, and the experiment results demonstrate that our proposed approach has the higher performances with respect to the existing circumstance.
Pages: 3017 / 3020
Number of pages: 4
Related papers
50 in total
  • [1] A Mutation Approach of Detecting SQL Injection Vulnerabilities
    Huang, Yanyu
    Fu, Chuan
    Chen, Xuan
    Guo, Hao
    He, Xiaoyu
    Li, Jin
    Liu, Zheli
    [J]. CLOUD COMPUTING AND SECURITY, PT II, 2017, 10603 : 175 - 188
  • [2] Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services
    Antunes, Nuno
    Laranjeiro, Nuno
    Vieira, Marco
    Madeira, Henrique
    [J]. 2009 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, 2009, : 260 - 267
  • [3] A Machine Learning based Approach to Identify SQL Injection Vulnerabilities
    Zhang, Kevin
    [J]. 34TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE 2019), 2019, : 1286 - 1288
  • [4] Understanding and Discovering SQL Injection Vulnerabilities
    Sarhan, Abdullaziz A.
    Farhan, Shehab A.
    Al-Harby, Fahad M.
    [J]. ADVANCES IN HUMAN FACTORS IN CYBERSECURITY, 2018, 593 : 45 - 51
  • [5] An approach for SQL injection vulnerability detection
    Mei Junjin
    [J]. PROCEEDINGS OF THE 2009 SIXTH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: NEW GENERATIONS, VOLS 1-3, 2009, : 1411 - 1414
  • [6] A New Approach for SQL-Injection Detection
    Shi, Cong-cong
    Zhang, Tao
    Yu, Yong
    Lin, Weimin
    [J]. INSTRUMENTATION, MEASUREMENT, CIRCUITS AND SYSTEMS, 2012, 127 : 245 - 254
  • [7] Correlation Approach for SQL Injection Attacks Detection
    Choras, Michal
    Kozik, Rafal
    Puchalski, Damian
    Holubowicz, Witold
    [J]. INTERNATIONAL JOINT CONFERENCE CISIS'12 - ICEUTE'12 - SOCO'12 SPECIAL SESSIONS, 2013, 189 : 177 - +
  • [8] A Rejection-Based Approach for Detecting SQL Injection Vulnerabilities in Web Applications
    Saoudi, Lalia
    Adi, Kamel
    Boudraa, Younes
    [J]. FOUNDATIONS AND PRACTICE OF SECURITY, FPS 2019, 2020, 12056 : 379 - 386
  • [9] Source Code Patterns of SQL Injection Vulnerabilities
    Schuckert, Felix
    Katt, Basel
    Langweg, Hanno
    [J]. PROCEEDINGS OF THE 12TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES 2017), 2017,
  • [10] Detecting SQL Injection Vulnerabilities in Web Services
    Antunes, Nuno
    Vieira, Marco
    [J]. LADC: 2009 4TH LATIN-AMERICAN SYMPOSIUM ON DEPENDABLE COMPUTING, 2009, : 17 - 24