Authors: Amirmohammad Sadeghian, Mazdak Zamani, Suhaimi Ibrahim
Keywords: Data Transformation Services, SQL, Computer science, Taint checking, SQL injection, Web application security, Business Intelligence Markup Language, Language Integrated Query, Computer security, Open Database Connectivity
Abstract: SQL injection is one of the biggest challenges for web application security. Based on studies by OWASP, SQL injection has the highest rank in web-based vulnerabilities. In case of a successful attack, the attacker can have access to the database. With the rapid rise of attacks, researchers have started to provide different security solutions to protect against them. One of the most common is using firewalls. Usually these firewalls use a signature-based technique as the main core of detection. In this technique, the firewall checks each packet against a list of predefined attacks known as signatures. The problem with this is that an attacker with good knowledge of the SQL language can change the look of the queries in a way that the firewall cannot detect them, but they still lead to the same malicious results. In this paper, we first described the nature of the SQL injection attack, then analyzed current detection evasion techniques and how they bypass filters, and afterward proposed a combination of solutions which helps to mitigate the risk of attack.