An Efficient Technique for Detection and Prevention of SQL Injection Attack using ASCII Based String Matching

Balasundaram, Indrani; Ramaraj, E.

doi:10.1016/j.proeng.2012.01.850

Cited by 27 publications

(13 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…validated) with all the mentioned steps, and the result shows if the information is safe or not. Balasundaram [1] mentions two more methods for the purpose of the detection and prevention of SQL injection attacks, a web service technique in [10] and an ASCII based string matching approach in [11].…”

Section: Related Workmentioning

confidence: 99%

Web Threats Detection and Prevention Framework

Rababah¹,

Hwaitat²,

Manaseer³

et al. 2016

View full text Add to dashboard Cite

The rapid advancement in technology and the increased number of web applications with very short turnaround time caused an increased need for protection from vulnerabilities that grew due to decision makers overlooking the need to be protected from attackers or software developers lacking the skills and experience in writing secure code. Structured Query Language (SQL) Injection, cross-site scripting (XSS), Distributed Denial of service (DDos) and suspicious user behaviour are some of the common types of vulnerabilities in web applications by which the attacker can disclose the web application sensitive information such as credit card numbers and other confidential information. This paper proposes a framework for the detection and prevention of web threats (WTDPF) which is based on preventing the attacker from gaining access to confidential data by studying his behavior during the action of attack and taking preventive measures to reduce the risks of the attack and as well reduce the consequences of such malicious action. The framework consists of phases which begin with the input checking phase, signature based action component phase, alert and response phases. Additionally, the framework has a logging functionality to store and keep track of any action taking place and as well preserving information about the attacker IP address, date and time of the attack, type of the attack, and the mechanism the attacker used. Moreover, we provide experimental results for different kinds of attacks, and we illustrate the success of the proposed framework for dealing with and preventing malicious actions.

show abstract

Section: Related Workmentioning

confidence: 99%

Web Threats Detection and Prevention Framework

Rababah¹,

Hwaitat²,

Manaseer³

et al. 2016

View full text Add to dashboard Cite

show abstract

“…For our mapping study, we followed the guidelines provided in [7,8]. Accordingly, our mapping study was conducted in three stages.…”

Section: The Systematic Mapping Proceduresmentioning

confidence: 99%

“…enterprise security application programming interface whose purpose is incorporating security into existing and new WBs. Finally, researchers have broad consensus over OWASP top 10 regarding the main critical security vulnerabilities of WBs [3,4,7,8,11,12,13,14,17].…”

Section: Introductionmentioning

confidence: 99%

Web application security vulnerabilities detection approaches: A systematic mapping study

Rafique

Humayun

Hamid

et al. 2015

2015 IEEE/ACIS 16th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distribu

View full text Add to dashboard Cite

Number of security vulnerabilities in web application has grown with the tremendous growth of web application in last two decades. As the domain of Web Applications is maturing, large number of empirical studies has been reported in web applications to address the solution of vulnerable web application. However, before advancing towards finding new approaches of web applications security vulnerability detection, there is a need to analyze and synthesize existing evidence based studies in web applications area. To do this, we have planned to conduct a systematic mapping study to view and report the state-of-the-art of empirical work in existing research of web applications. In this paper, we aimed at providing a description of mapping study for synthesizing the reported empirical research in the area of web applications security vulnerabilities detection approaches. The proposed solutions are mapped against: (1) the software development stages for which the solution has been proposed and (2) the web application vulnerabilities mapping according to OWASP Top 10 security vulnerabilities.To do this, existing literature has been surveyed using a systematic mapping study by phrasing two research questions. In the mapping study, a total of 41 studies dating from 1994 to 2014 were evaluated and mapped against the aforementioned categories.The outcome of this mapping study is current state-of-the-art of empirical research in web application area, strength and weaknesses of existing empirical work, best practices and possible directions for future research.

show abstract

“…String matching problems involve finding all occurrences of a given short-pattern query on a relatively long reference string. This problem has a number of applications, such as computer security [1], word recognition [2], data mining [3]- [5], and biological sequence processing [6]. Many theoretical solutions have been presented (including exact string matching algorithms [7], and approximate string matching algorithms [8]).…”

Section: Introductionmentioning

confidence: 99%

An Efficient Composite-Alphabet Transform for String Matching under a Restricted Alphabet Set

Kim¹,

Ock²,

Cho³

2013

JCP

View full text Add to dashboard Cite

String matching is a problem of finding all occurrences of a short pattern on a relatively long reference string. While a number of methods have been presented, most published implementations assume several restrictions due to some practical issues. We focus on the restriction of the alphabet size, which is usually set to be 256 in many string matching libraries. When strings must be handled over an alphabet with a size greater than the limit provided by the given implementation, each character should be represented as a composite alphabet which involves combinations of two or more characters in the restricted alphabet set. In this case, potential false positives can sometimes occur, which may cause a decline in the performance in output-sensitive string matching systems, such as the FM-index. In this paper, we empirically compare various configurations of composite alphabets using FM-index, and show how they affect the performance in terms of the number of false positives and the searching time.

show abstract

An Efficient Technique for Detection and Prevention of SQL Injection Attack using ASCII Based String Matching

Cited by 27 publications

References 2 publications

Web Threats Detection and Prevention Framework

Web Threats Detection and Prevention Framework

Web application security vulnerabilities detection approaches: A systematic mapping study

An Efficient Composite-Alphabet Transform for String Matching under a Restricted Alphabet Set

Contact Info

Product

Resources

About