SQLIA detection and prevention approach for RFID systems
Journal of Systems and Software
While SQL injection attacks have been plaguing web applications for years, the threat they pose to RFID systems has only been identified recently. Because the architectures of web systems and RFID systems differ considerably, the prevention and detection techniques proposed for web applications are not suitable for RFID systems. In this paper we propose a system to secure RFID systems against tag-based SQLIA. Our system is optimized for the architecture of RFID systems and consists of a query structure matching technique and a tag data cleaning technique. The novelty of the proposed system is that it is specifically aimed at RFID systems and has the ability to detect and prevent second-order injections, a problem most current solutions have not addressed. The preliminary evaluation of our query matching technique is very promising, showing a very high detection rate with minimal false positives.