
Article Information

  • Title: Bulwark Against SQL Injection Attack - An Unified Approach
  • Authors: Sushila Madan; Supriya Madan
  • Journal: International Journal of Computer Science and Network Security
  • Print ISSN: 1738-7906
  • Year of publication: 2010
  • Volume: 10
  • Issue: 5
  • Pages: 305-313
  • Publisher: International Journal of Computer Science and Network Security
  • Abstract: Data security has become a topic of primary discussion for security experts. Vulnerabilities are pervasive, resulting in exposure of organizations and firms to a wide array of risks. Code Injection attack, a major concern for web security, occurs when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or when user input is not strongly typed and thereby unexpectedly executed, causing an error due to improper setup or coding such that the system fails to handle or properly respond to exceptional or unexpected data or conditions, which results in a situation wherein user credentials can be captured by injecting exceptional data. In spite of many tools and techniques, attacks on web applications, especially through SQL Injection Attacks, are on the rise. Threat modeling is an important risk assessment and mitigation practice that provides the capability to secure a web application. A comprehensively designed threat model can provide a better understanding of the risks and help determine the extent of mitigation action. This paper aims to initiate the threat risk model ADMIRE, which is a comprehensive, structured and stepwise approach, which would help to identify and mitigate Code Injection attacks and shield the database lying in the database servers, which may be unauthorizedly accessed for malafide reasons from the web applications.
  • Keywords: Security; SQL Injection; Threat modeling; Vulnerability; Web Application