Preventing SQL Injection Attacks in Stored Procedures

  • Authors:
  • Ke Wei;M. Muthuprasanna;Suraj Kothari

  • Affiliations:
  • Iowa State University;Iowa State University;Iowa State University

  • Venue:
  • ASWEC '06 Proceedings of the Australian Software Engineering Conference
  • Year:
  • 2006

Abstract

An SQL injection attack targets interactive web applications that employ database services. These applications accept user inputs and use them to form SQL statements at runtime. During an SQL injection attack, an attacker might provide malicious SQL query segments as user input, which could result in a different database request. By using SQL injection attacks, an attacker could thus obtain and/or modify confidential or sensitive information. An attacker could even use an SQL injection vulnerability as a rudimentary IP/port scanner of the internal corporate network. Several papers in the literature have proposed ways to prevent SQL injection attacks in the application layer by examining dynamic SQL query semantics at runtime. However, very little emphasis has been placed on securing stored procedures in the database layer, which can also suffer from SQL injection attacks. Some papers in the literature even refer to stored procedures as a remedy against SQL injection attacks. Because stored procedures reside on the database side, the methods proposed in those papers cannot be applied to secure the stored procedures themselves.
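The abstract's point is that a stored procedure which assembles dynamic SQL is itself an injection point that application-layer checks never see. The following T-SQL is an added illustration, not code from the paper: the same lookup written with string concatenation and then with a bound parameter via sp_executesql, followed by a catalog query a DBA can use to find procedures that deserve review. The dbo.Users table, its columns and the procedure names are assumed.

```sql
-- Constructed example (not from the paper). Assumes a table dbo.Users
-- with columns Id, UserName and Email.

-- VULNERABLE: the caller's value is spliced into the statement text, so a
-- quote or statement terminator inside @UserName changes the query. The
-- application may have validated its own query; this one it never sees.
CREATE PROCEDURE dbo.GetUserByName_Vulnerable
    @UserName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT Id, UserName, Email FROM dbo.Users WHERE UserName = '''
             + @UserName + N'''';
    EXEC (@sql);
END;
GO

-- HARDENED: the statement text is constant and the user value is passed as
-- a typed parameter, so it can only ever be data, never SQL syntax.
CREATE PROCEDURE dbo.GetUserByName_Safe
    @UserName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, UserName, Email FROM dbo.Users WHERE UserName = @name';
    EXEC sp_executesql
        @sql,
        N'@name NVARCHAR(100)',
        @name = @UserName;
END;
GO

-- AUDIT (heuristic): list procedures whose body executes a string with
-- EXEC/EXECUTE ( ... ) and never uses sp_executesql. Each hit is a
-- candidate for manual review, not proof of a vulnerability.
SELECT OBJECT_SCHEMA_NAME(m.object_id) AS schema_name,
       OBJECT_NAME(m.object_id)        AS procedure_name
FROM sys.sql_modules AS m
JOIN sys.procedures  AS p ON p.object_id = m.object_id
WHERE m.definition LIKE '%EXEC%(%'
  AND m.definition NOT LIKE '%sp_executesql%'
ORDER BY schema_name, procedure_name;
```

Where an identifier (table or column name) genuinely must vary at runtime, wrap it with QUOTENAME() rather than concatenating it raw, since parameters cannot carry identifiers.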