Automatic Whitelist Generation for SQL Queries Using Web Application Tests

Cited by: 0
Authors
Nomura, Komei [1]
Rikitake, Kenji [1, 2]
Matsumoto, Ryosuke [3 ]
Affiliations
[1] GMO Pepabo Inc, Pepabo R&D Inst, Tokyo, Japan
[2] KRPEO, Tokyo, Japan
[3] SAKURA Internet Inc, SAKURA Res Ctr, Osaka, Japan
DOI
10.1109/COMPSAC.2019.10250
Chinese Library Classification number
TP39 [Computer applications]
Discipline classification code
081203; 0835
Abstract
Stealing confidential information from a database has become a severe vulnerability issue for web applications. The attacks can be prevented by defining a whitelist of SQL queries issued by web applications and detecting queries not in the list. For large-scale web applications, automated generation of the whitelist is conducted because manually defining numerous query patterns is impractical for developers. Conventional methods for automated generation are unable to detect attacks immediately because of the long time required for collecting legitimate queries. Moreover, they require application-specific implementations that reduce the versatility of the methods. As described herein, we propose a method to generate a whitelist automatically using queries issued during web application tests. Our proposed method uses the queries generated during application tests. It is independent of specific applications, which yields improved timeliness against attacks and versatility for multiple applications.
Pages: 465-470
Page count: 6