SQLIVD - AOP: Preventing SQL Injection Vulnerabilities Using Aspect Oriented Programming through Web Services

Authors: V. Shanmughaneethi, Ra. Yagna Pravin, C. Emilin Shyni, S. Swamynathan

DOI: 10.1007/978-3-642-22577-2_45

Keywords:

Abstract: Security remains a major threat to the entire Web for many kinds of transactions. Most threats are created through application level vulnerabilities and have been exploited with serious consequences. Among the various types of vulnerabilities, command injection is the most common type in web applications. Among command injection attacks, SQL injection attacks are extremely prevalent, ranked as the second form of attack on the web. SQL injection attacks involve the construction of an application's input data that will result in the execution of malicious SQL statements. Hence, this paper (SQLIVD-AOP) proposes a mechanism to intercept SQL statements, without any modification of an application, using Aspect Oriented Programming, to analyze the query for its legitimacy, and to customize the errors. This is different from others by interception and separation of the main scripting code code. The validations and detections are implemented by means of web services.

References (8)
David Morgan. SQL Injection: Web application security - SQL injection attacks. Network Security archive, vol. 2006, pp. 4-5 (2006). DOI: 10.1016/S1353-4858(06)70353-1
C. Welty. Correcting user errors in SQL. International Journal of Human-computer Studies / International Journal of Man-machine Studies, vol. 22, pp. 463-477 (1985). DOI: 10.1016/S0020-7373(85)80051-1
Gregory T. Buehrer, Bruce W. Weide, Paolo A. G. Sivilotti. Using parse tree validation to prevent SQL injection attacks. Proceedings of the 5th international workshop on Software engineering and middleware - SEM '05, pp. 106-113 (2005). DOI: 10.1145/1108473.1108496
Johannes B. Ullrich, Jason Lam. SQL Injection: Defacing websites via SQL injection. Network Security archive, vol. 2008, pp. 9-10 (2008). DOI: 10.1016/S1353-4858(08)70007-2
Gabriel Hermosillo, Roberto Gomez, Lionel Seinturier, Laurence Duchien. Using Aspect Programming to Secure Web Applications. Journal of Software, vol. 2, pp. 53-63 (2007). DOI: 10.4304/JSW.2.6.53-63
W.G.J. Halfond, A. Orso, P. Manolios. WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation. IEEE Transactions on Software Engineering, vol. 34, pp. 65-81 (2008). DOI: 10.1109/TSE.2007.70748
Zhendong Su, Gary Wassermann. The essence of command injection attacks in web applications. Symposium on principles of programming languages, vol. 41, pp. 372-382 (2006). DOI: 10.1145/1111037.1111070