• DocumentCode
    2186056
  • Title

    A combined approach to prevent SQL Injection Attacks

  • Author

    Dogbe, Evans ; Millham, Richard ; Singh, Prashant

  • Author_Institution
    Durban Univ. of Technol., Durban, South Africa
  • fYear
    2013
  • fDate
    7-9 Oct. 2013
  • Firstpage
    406
  • Lastpage
    410
  • Abstract
    In order to adapt to changing business requirements, information systems are often migrated to the Web but, in doing so, these systems often have their security vulnerabilities exposed to a wider range of attacks. One of the most prominent types of security attacks faced by these systems, according to Mitre Corporation, is SQL Injection Attacks (SQLIA). In this paper, we examine different approaches to detect and protect against SQLIA, each with their strengths and weaknesses, and then propose a combined approach of SQLIA prevention techniques (the fine-grained Role Based Access Control [RBAC] and static and dynamic analysis of SQL parse trees) in order to maximise the advantages of each method and to ensure that a second line of defence is provided, in case the first method fails.
  • Keywords
    Internet; SQL; authorisation; business data processing; information systems; program diagnostics; Mitre Corporation; RBAC; SQL injection attacks; SQL parse trees; SQLIA prevention techniques; World Wide Web; business requirements; dynamic analysis; information systems; role based access control; security vulnerabilities; static analysis; Access control; Business; Computer hacking; Data models; Monitoring; Vegetation; RBAC; SQL Injection attack; SQLIA prevention;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Science and Information Conference (SAI), 2013
  • Conference_Location
    London
  • Type

    conf

  • Filename
    6661770