SQL injection attacks potentially affect all applications, especially web applications, that utilize a database backend. While these attacks are generally against the applications and not the database directly, there are some techniques that can be deployed to mitigate the risk at the database server. Database intrusion detection systems are often based on signatures of known exploits and honey tokens, traps set in the database. This paper examines the threat from SQL injection attacks, the reasons traditional database access control is not sufficient to stop them, and some of the techniques used to detect them. Moreover, it proposes a model for an anomalous SQL detector which observes the database traffic from the perspective of the database server itself. The proposed anomaly model can be used in conjunction with the existing methods to give the database server a way to mitigate the SQL injection risk that is a major application security problem.