期刊名称:International Journal of Computer Science and Security (IJCSS)
电子版ISSN:1985-1553
出版年度:2010
卷号:4
期号:4
页码:426-435
出版社:Computer Science Journals
摘要:Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks is SQL Injection vulnerability (SQLIV), which can give attackers unrestricted access to the databases that underlie Web applications and has become increasingly frequent and serious. The intent is that Web applications will limit the kinds of queries that can be generated to a safe subset of all possible queries, regardless of what input users provide. SQL Injection attacks are possible due to the design drawbacks of the web sites, which interact with back-end databases. Successful attacks may damage more. We introduce a system that deals with new automated technique for preventing SQLIA based on the novel concept of regular expressions is to detect SQL Injection attacks. The proposed system can detect the attacks that are from Internet and Insider Attacks, by analyzing the packets of the network servers.
