Journal title: International Journal of Computer Trends and Technology
Electronic ISSN: 2231-2803
Publication year: 2015
Volume: 29
Issue: 1
Pages: 15-18
DOI: 10.14445/22312803/IJCTT-V29P103
Publisher: Seventh Sense Research Group
Abstract: SQLIA has now become a major threat to the growing popularity of web applications. The main target of this attack is the database. This allows attackers to obtain unauthorised access to the database. In this paper we survey different types of SQLIAs and prevention methods. To address this problem we propose a mixed approach for prevention of SQLIA. This paper ensures that the untrusted data are validated against a list of allowable values. The least privilege principle is applied to the SQL account used by the web application. We avoid query concatenation at almost all costs and use parameterized queries wherever possible.
Keywords: SQLIA; Database; Vulnerabilities; attacker; web security; detection; prevention; web application.