期刊名称:International Journal of Computer Science & Technology
印刷版ISSN:2229-4333
电子版ISSN:0976-8491
出版年度:2012
卷号:3
期号:2
页码:916-921
语种:English
出版社:Ayushmaan Technologies
摘要:SQL injection has become a predominant type of attacks that target web applications. There are many reports on intrusion from external hacker which compromised the back end database system. SQL query segments to change the intended application-generated SQL queries. Researchers have proposed various solutions to address SQL injection problems. However, many of them have limitations and often cannot address all kinds of injection problems. iMPERVA have identified 53 SQLi attacks per hour and 1,093 attacks per day In this paper we propose a technique, which uses runtime validation to detect the occurrence of such attacks, which evaluation methodology is general and adaptable to any existing system. To overcome these problems of existing solutions we use link representations which store the valid query structures in terms of an orders sequence of tokens. To perform fast searching among these various lists we start searching in a multithreaded way. To avoid the huge computation over head of string matching algorithm to match two tokens we convert each token into an integer value and store that integer value instead of that token in our database and while searching we simple match these integer values. For finding the correct group of list we use an array representation which eliminates the need of searching the specific group. So in a brief this technique eliminates the need of source code modification along with an improved overall efficiency.
