• DocumentCode
    1987902
  • Title

    Anti SQL Injection with Statements Sequence Digest

  • Author

    Baohua Huang ; Tongyi Xie ; Yan Ma

  • Author_Institution
    Coll. of Comput. & Electron. & Inf., Guangxi Univ., Nanning, China
  • fYear
    2012
  • fDate
    27-30 May 2012
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    SQL Injection (SQLI) is an attack method that is easy to carry out but often leads to data leaks and malicious control of the system, so anti-SQLI is very important for applications that use a database. This paper proposes an algorithm for detecting SQLI based on statements sequence digest (SSD). Abstract SQL statement, SSD and its calculating method are defined; algorithms for building the SSD and detecting SQLI in an application are given. Because the SSD is calculated from the SQL statements sequence context, the proposed algorithm is not only more reliable than filtering special characters and words, but also more exact than checking a single SQL statement. Experiments show that the proposed algorithm is feasible to implement and efficient in performance.
  • Keywords
    Internet; SQL; security of data; sequences; SQL statements sequence context; SQLI detection; SSD; abstract SQL statement; antiSQL injection; attack method; data leak; statements sequence digest; system malicious control; Abstracts; Buildings; Computers; Context; Databases; Security; Servers;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Engineering and Technology (S-CET), 2012 Spring Congress on
  • Conference_Location
    Xian
  • Print_ISBN
    978-1-4577-1965-3
  • Type

    conf

  • DOI
    10.1109/SCET.2012.6341889
  • Filename
    6341889