Most internet applications provide their facilities through web services. Because of their wide usage, these web services are exposed to severe vulnerabilities that can be uncovered and exploited by hackers. Among these vulnerabilities, command injection is the most frequent type of attack, one that takes advantage of improperly designed applications. These attacks inject and execute commands specified by the attacker, allowing unauthorised access to the database schema and to critical data stored in the data logic. In this paper, a new approach is proposed to effectively detect command injection vulnerabilities, such as SQL injection attacks, by validating the dynamically generated query that is to be executed in the database server. The approach uses the Aspect Oriented Programming (AOP) technique, which separates cross-cutting concerns such as security from applications. The approach is effective since it uses an XML schema instead of existing methods for validation.