Eliminating SQL Injection Attacks - A Transparent Defense Mechanism
Philadelphia, Pennsylvania, USA September 23-September 24
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/WSE.2006.9
Eighth IEEE International Symposium o ...
M. Muthuprasanna, Iowa State University, Ames, IA, USA
Ke Wei, Iowa State University, Ames, IA, USA
Suraj Kothari, Iowa State University, Ames, IA, USA
The widespread adoption of web services as an instant means of information dissemination and various other transactions has essentially made them a key component of today's Internet infrastructure. Web-based systems comprise both infrastructure components and application-specific code. Various organizations have started extensively deploying Intrusion Detection/Prevention Systems and Firewalls as a means of securing their vital installations. However, very little emphasis is laid on securing the applications that run on these systems, apart from frequent updates and patching. SQL-Injection Attacks are a class of attacks that many of these systems are highly vulnerable to, and there is no known fool-proof defense against such attacks. In this paper, we propose a technique which combines static application code analysis with runtime validation to detect the occurrence of such attacks. The deployment of this technique eliminates the need to modify the source code of application scripts, additionally allowing seamless integration with currently-deployed systems. We provide various optimizations improving overall efficiency, and also a preliminary evaluation of the prototype developed.
Citation:
M. Muthuprasanna, Ke Wei, Suraj Kothari, "Eliminating SQL Injection Attacks - A Transparent Defense Mechanism," wse, pp.22-32, Eighth IEEE International Symposium on Web Site Evolution (WSE'06), 2006