Title :
Anti SQL Injection with Statements Sequence Digest
Author :
Baohua Huang ; Tongyi Xie ; Yan Ma
Author_Institution :
Coll. of Comput. & Electron. & Inf., Guangxi Univ., Nanning, China
Abstract :
SQL Injection (SQLI) is an attack method that is easy to carry out but often leads to data leaks and malicious control of the system, so anti-SQLI measures are very important for applications that use a database. This paper proposes an algorithm for detecting SQLI based on the statements sequence digest (SSD). The abstract SQL statement, the SSD and its calculation method are defined; algorithms for building the SSD and detecting SQLI in an application are given. Because the SSD is calculated from the context of the SQL statements sequence, the proposed algorithm is not only more reliable than filtering special characters and words, but also more exact than checking a single SQL statement. Experiments show that the proposed algorithm is feasible to implement and efficient in performance.
Keywords :
Internet; SQL; security of data; sequences; SQL statements sequence context; SQLI detection; SSD; abstract SQL statement; antiSQL injection; attack method; data leak; statements sequence digest; system malicious control; Abstracts; Buildings; Computers; Context; Databases; Security; Servers;
Conference_Title :
Engineering and Technology (S-CET), 2012 Spring Congress on
Conference_Location :
Xian
Print_ISBN :
978-1-4577-1965-3
DOI :
10.1109/SCET.2012.6341889