期刊名称:International Journal of Distributed and Parallel Systems
印刷版ISSN:2229-3957
电子版ISSN:0976-9757
出版年度:2012
卷号:3
期号:6
DOI:10.5121/ijdps.2012.3601
出版社:Academy & Industry Research Collaboration Center (AIRCC)
摘要:Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic comparison. Our focus is on stored procedure attack in which query will be formed within the database itself and so difficult to extract that query structure for validation. Also this attack is less considered in the literature
关键词:Arraylist; Attack; Parse Tree; Semantics; SQL injection; Web application
