What Is SQL Injection?

Clarke, Justin

doi:10.1016/b978-1-59749-424-3.00001-3

Cited by 22 publications

(22 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is widely used in enterprise application development. However, it is often suffered from the “SQL-injection” attack 31 . The hackers can get the highest privileges of system with the specific designed SQL query.…”

Section: Extension To the Conference Papersmentioning

confidence: 99%

MicroShare: Privacy-Preserved Medical Resource Sharing through MicroService Architecture

Yang¹,

Zu²,

Liu³

et al. 2018

Int. J. Biol. Sci.

View full text Add to dashboard Cite

This paper takes up the problem of medical resource sharing through MicroService architecture without compromising patient privacy. To achieve this goal, we suggest refactoring the legacy EHR systems into autonomous MicroServices communicating by the unified techniques such as RESTFul web service. This lets us handle clinical data queries directly and far more efficiently for both internal and external queries. The novelty of the proposed approach lies in avoiding the data de-identification process often used as a means of preserving patient privacy. The implemented toolkit combines software engineering technologies such as Java EE, RESTful web services, JSON Web Tokens to allow exchanging medical data in an unidentifiable XML and JSON format as well as restricting users to the need-to-know principle. Our technique also inhibits retrospective processing of data such as attacks by an adversary on a medical dataset using advanced computational methods to reveal Protected Health Information (PHI). The approach is validated on an endoscopic reporting application based on openEHR and MST standards. From the usability perspective, the approach can be used to query datasets by clinical researchers, governmental or non-governmental organizations in monitoring health care and medical record services to improve quality of care and treatment.

show abstract

Section: Extension To the Conference Papersmentioning

confidence: 99%

MicroShare: Privacy-Preserved Medical Resource Sharing through MicroService Architecture

Yang¹,

Zu²,

Liu³

et al. 2018

Int. J. Biol. Sci.

View full text Add to dashboard Cite

show abstract

“…• An Structured Query Language (SQL) injection, usually implemented as a malware vector, is the input of code into a website's data input, in order to execute malicious commands [49]: "It is the vulnerability that results when you give an attacker the ability to influence the Structured Query Language (SQL) queries that an application passes to a back-end database. By being able to influence what is passed to the database, the attacker can leverage the syntax and capabilities of SQL itself, as well as the power and flexibility of supporting database functionality and operating system functionality available to the database" [50]. For instance, in a site's contact form, the attacker inputs a string of characters in order to manipulate the site's SQL database, instead of merely sending information.…”

Section: The Russo-georgian Warmentioning

confidence: 99%

“…Due to the potential exposure of the site's core data (e.g. usernames and passwords), "SQL injection is one of the most devastating vulnerabilities to impact a business" [50]. • Cross-Site Scripting (XSS) steals the victim's browser cookies as a way to hijack its session [51].…”

Section: The Russo-georgian Warmentioning

confidence: 99%

“…Due to the potential exposure of the site's core data (e.g. usernames and passwords), "SQL injection is one of the most devastating vulnerabilities to impact a business" [50]. For instance, on South Ossetia, a disputed region in the north of Georgia; South Ossetian independence efforts are openly supported by the Kremlin [13, p194-196].…”

Section: Both Private and Public Actorsmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Conflicts in International Relations: Framework and Case Studies

Gamero-Garrido

2014

SSRN Journal

View full text Add to dashboard Cite

“…Which may cause to disrupt the system. Justin Clarke [1] described the process of SQL Inject as a weakness in the code where the program does not validate the inputs of user before passing them to SQL queries, which makes the attacker can manipulate the code to execute it on the back-end database.…”

Section: Introductionmentioning

confidence: 99%

An Improved SQL Injection Attack Detection Model Using Machine Learning Techniques

Abdulmalik

2021

Int J Innov Comp

View full text Add to dashboard Cite

SQL Injection Attack (SQLIA) is a common cyberattack that target web application database. With the ever increasing and varying techniques to exploit web application SQLIA vulnerabilities, there is no a comprehensive method that can solve this kind of attacks. Therefore, these various of attack techniques required to establish many methods against in order to mitigate its threats. However, most of these methods have not yet been evaluated, where it is still just theories and require to implement and measure its performance and set its limitation. Moreover, most of the existing SQL injection countermeasures either used syntax-based detection methods or a list of predefined rules to detect the SQL injection, which is vulnerable in advance and sophisticated type of attacks because attackers create new ways to evade the detection utilizing their pre-knowledge. Although semantic-based features can improve the detection, up to our knowledge, no studies focused on extracting the semantic features from SQL stamens. This paper, investigates a designed model that can improve the efficacy of the SQL injection attack detection using machine learning techniques by extracting the semantic features that can effectively indicate the SQL injection attack. Also, a tenfold approach will be used to evaluate and validate the proposed detection model.

show abstract

What Is SQL Injection?

Cited by 22 publications

References 0 publications

MicroShare: Privacy-Preserved Medical Resource Sharing through MicroService Architecture

MicroShare: Privacy-Preserved Medical Resource Sharing through MicroService Architecture

Cyber Conflicts in International Relations: Framework and Case Studies

An Improved SQL Injection Attack Detection Model Using Machine Learning Techniques

Contact Info

Product

Resources

About