期刊名称:International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)
印刷版ISSN:2278-1323
出版年度:2012
卷号:1
期号:9
页码:60-68
出版社:Shri Pannalal Research Institute of Technolgy
摘要:These days' cyber attacks have become a major concern because these attackers can steal important documents and damage websites and access confidential information and may drive many corporations that conduct their business through the web to suffer financial and reputation damages. Out of all those attacks the most dangerous cyber attack is the Structured Query Language (SQL)-injection attack. This type of attack can be easily made via normal web browsers that we use for surfing the net in our day to day life. A characteristic diagnostic feature of SQL injection attacks is that they change the intended structure of queries issued. Most web application developers do not apply user input validation and they are not aware about the consequences of such practices. Due to these inappropriate programming practices a large room for SQL-injection attack is left open which lure the hackers to steal confidential information from the servers' database [4]. In order to handle this vulnerability and detect it, we must en hance the coding structure used for web application development and this requires development of a powerful tool that can automatically create SQL-injection attacks using efficient features (different attacking patterns). Our technique for detecting SQL injection is to dynamically mine the programmer - intended query structure on any input, and to detect attacks bycomparing them against the intended query structure.
关键词:SQL injection attack; Smart injector ; Tool;Types of SQL attacks
