TransSQL: A translation and validation-based solution for SQL-injection attacks

Kai Xiang Zhang, Chia Jun Lin, Shih Jen Chen, Yanling Hwang, Hao Lun Huang, Fu Hau Hsu

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

16 Citations (Scopus)

Abstract

SQL injection attacks, a class of injection flaw in which specially crafted input strings lead to illegal queries to databases, are one of the topmost threats to web applications. A number of research prototypes and commercial products that maintain the query structure in web applications have been developed, but these techniques either fail to address the full scope of the problem or have limitations. Based on our observation that the injected string in a SQL injection attack is interpreted differently on different databases, in this paper we propose a novel and effective solution, TransSQL, to solve this problem. TransSQL automatically translates a SQL request to an LDAP-equivalent request. After queries are executed on a SQL database and an LDAP one, TransSQL checks the difference in responses between the SQL database and the LDAP one to detect and block SQL injection attacks. Experimental results show that TransSQL is an effective and efficient solution against SQL injection attacks.

Original language: English
Title of host publication: Proceedings - 1st International Conference on Robot, Vision and Signal Processing, RVSP 2011
Pages: 248-251
Number of pages: 4
DOIs
Publication status: Published - 2011
Event: 1st International Conference on Robot, Vision and Signal Processing, RVSP 2011 - Kaohsiung, Taiwan
Duration: 21 Nov 2011 to 23 Nov 2011

Publication series

Name: Proceedings - 1st International Conference on Robot, Vision and Signal Processing, RVSP 2011

Conference

Conference: 1st International Conference on Robot, Vision and Signal Processing, RVSP 2011
Country/Territory: Taiwan
City: Kaohsiung
Period: 21/11/11 to 23/11/11
