SQLStor: blockage of stored procedure SQL injection attack using dynamic query structure validation

Sruthy Mamadhan; Manesh T.; Varghese Paul

doi:10.1109/ISDA.2012.6416544

SQLStor: blockage of stored procedure SQL injection attack using dynamic query structure validation

Sruthy Mamadhan
, Manesh T.
, Varghese Paul

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. This method prevents different kinds of injection attacks including stored procedure attack which is more difficult and less considered in the literature.

Original language	English
Title of host publication	2012 12th International Conference on Intelligent Systems Design and Applications (ISDA)
Place of Publication	Piscataway, New Jersey
Publisher	IEEE
Pages	240-245
Number of pages	6
ISBN (Electronic)	9781467351195, 9781467351188
ISBN (Print)	9781467351171
DOIs	https://doi.org/10.1109/ISDA.2012.6416544
Publication status	Published - 24 Dec 2013
Externally published	Yes

Publication series

Name	IEEE Conference Proceedings
Publisher	IEEE
ISSN (Print)	2164-7143
ISSN (Electronic)	2164-7151

Keywords

arraylist
parse tree
semantics
SQL injection
web application

Access to Document

10.1109/ISDA.2012.6416544

Cite this

@inproceedings{fe621b58a9444f8aaee254a46f0b5a18,

title = "SQLStor: blockage of stored procedure SQL injection attack using dynamic query structure validation",

abstract = "Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. This method prevents different kinds of injection attacks including stored procedure attack which is more difficult and less considered in the literature.",

keywords = "arraylist, parse tree, semantics, SQL injection, web application",

author = "Sruthy Mamadhan and Manesh T. and Varghese Paul",

year = "2013",

month = dec,

day = "24",

doi = "10.1109/ISDA.2012.6416544",

language = "English",

isbn = "9781467351171",

series = "IEEE Conference Proceedings",

publisher = "IEEE",

pages = "240--245",

booktitle = "2012 12th International Conference on Intelligent Systems Design and Applications (ISDA)",

address = "United States",

}

SQLStor: blockage of stored procedure SQL injection attack using dynamic query structure validation. / Mamadhan, Sruthy; T., Manesh; Paul, Varghese.
2012 12th International Conference on Intelligent Systems Design and Applications (ISDA). Piscataway, New Jersey: IEEE, 2013. p. 240-245 (IEEE Conference Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - SQLStor

T2 - blockage of stored procedure SQL injection attack using dynamic query structure validation

AU - Mamadhan, Sruthy

AU - T., Manesh

AU - Paul, Varghese

PY - 2013/12/24

Y1 - 2013/12/24

N2 - Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. This method prevents different kinds of injection attacks including stored procedure attack which is more difficult and less considered in the literature.

AB - Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. This method prevents different kinds of injection attacks including stored procedure attack which is more difficult and less considered in the literature.

KW - arraylist

KW - parse tree

KW - semantics

KW - SQL injection

KW - web application

UR - http://www.scopus.com/inward/record.url?eid=2-s2.0-84874389071&partnerID=MN8TOARS

U2 - 10.1109/ISDA.2012.6416544

DO - 10.1109/ISDA.2012.6416544

M3 - Conference contribution

SN - 9781467351171

T3 - IEEE Conference Proceedings

SP - 240

EP - 245

BT - 2012 12th International Conference on Intelligent Systems Design and Applications (ISDA)

PB - IEEE

CY - Piscataway, New Jersey

ER -

SQLStor: blockage of stored procedure SQL injection attack using dynamic query structure validation

Abstract

Publication series

Keywords

Access to Document

Other files and links

Fingerprint

Cite this