2012
DOI: 10.1016/j.mcm.2011.01.050
|View full text |Cite
|
Sign up to set email alerts
|

A novel method for SQL injection attack detection based on removing SQL query attribute values

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
61
0

Year Published

2012
2012
2022
2022

Publication Types

Select...
4
3
1

Relationship

0
8

Authors

Journals

citations
Cited by 113 publications
(61 citation statements)
references
References 12 publications
0
61
0
Order By: Relevance
“…[39] are categorized SQLIA into several categories and used them to evaluate the effectiveness for prevention SQLIAs. We used the same techniques of Halfond to evaluate our techniques via other techniques.…”
Section: Figure 4 Overhead Performancementioning
confidence: 99%
“…[39] are categorized SQLIA into several categories and used them to evaluate the effectiveness for prevention SQLIAs. We used the same techniques of Halfond to evaluate our techniques via other techniques.…”
Section: Figure 4 Overhead Performancementioning
confidence: 99%
“…The technique used in this approach is that healthy database behaviors are extracted and encoded in a XML profile and a data mining technique with finger printing is used to identify malicious queries. A relatively simple detection scheme used in [4] is based on both static and dynamic analysis methods. In this scheme, parameters are separated from query and a generalized algorithm based on static and dynamic analysis is used to detect whether the parameters are genuine or infected.…”
Section: Related Workmentioning
confidence: 99%
“…SQL Injection Attacks can be done in various ways like using UNION keyword, Tautology condition, Group by Having Clause etc. There are also various ways of performing such attacks which are discussed in [4], [5], and [7] by different authors.…”
Section: Sql Injectionmentioning
confidence: 99%
“…The single quote ( ' ) symbol indicates the end of string, and (--) symbol is used as a comment which successfully terminates the query without generating any error. Because of this, the whole query will return true for Query result variable [4], which authenticates the user without checking password.…”
Section: Sql Injectionmentioning
confidence: 99%
See 1 more Smart Citation