Event Title

Improvements to real-time techniques used to protect Web Applications from SQL injections attacks

Session

Computer Science and Communication Engineering

Description

SQL injection is a prevalent technique that attackers appoint to impose the database in the most of web applications, by manipulate the SQL queries that send to Relational Database Management System (RDBMS). The aim is to obtain confidential information found in the underlying database, or to change the registered data and to destroy either the database or the server into which these data are registered. Many techniques are proposed over the years, as efficient web application SQL injection preventer, using the datasets. In this presentation, we are considering the one such web based attack and its prevention technique in real time web applications as well as presenting the ways to implement same approach for binary applications. The presentation extend some previously techniques, using real time based on positive tainting, accurate and efficiency taint propagation, and syntax aware evaluation of the query strings. These techniques works in real time environment at the application level to detect illegal queries before they reach at the database. They includes three preventive mechanisms like parameterized stored procedures, customized error messages, and encryption stored procedures in the SQL server.

Keywords:

SQL Injection, Web Applications, Security, Database

Session Chair

Felix Breitenecker

Session Co-Chair

Edmond Jajaga

Proceedings Editor

Edmond Hajrizi

ISBN

978-9951-437-69-1

Location

Pristina, Kosovo

Start Date

27-10-2018 3:15 PM

End Date

27-10-2018 4:45 PM

DOI

10.33107/ubt-ic.2018.95

This document is currently not available here.

Share

COinS
 
Oct 27th, 3:15 PM Oct 27th, 4:45 PM

Improvements to real-time techniques used to protect Web Applications from SQL injections attacks

Pristina, Kosovo

SQL injection is a prevalent technique that attackers appoint to impose the database in the most of web applications, by manipulate the SQL queries that send to Relational Database Management System (RDBMS). The aim is to obtain confidential information found in the underlying database, or to change the registered data and to destroy either the database or the server into which these data are registered. Many techniques are proposed over the years, as efficient web application SQL injection preventer, using the datasets. In this presentation, we are considering the one such web based attack and its prevention technique in real time web applications as well as presenting the ways to implement same approach for binary applications. The presentation extend some previously techniques, using real time based on positive tainting, accurate and efficiency taint propagation, and syntax aware evaluation of the query strings. These techniques works in real time environment at the application level to detect illegal queries before they reach at the database. They includes three preventive mechanisms like parameterized stored procedures, customized error messages, and encryption stored procedures in the SQL server.