Please use this identifier to cite or link to this item: http://idr.nitk.ac.in/jspui/handle/123456789/8964
Title: Model based hybrid approach to prevent SQL injection attacks in PHP
Authors: Sadalkar, K.
Mohandas, R.
Pais, A.R.
Issue Date: 2011
Citation: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2011, Vol.7011 LNCS, , pp.3-15
Abstract: SQL Injection vulnerability is ranked 1st in the OWASP top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. Inspite of preventive measures like educating developers about safe coding practices, statistics shows that these vulnerabilities are still dominating the top. Various static and dynamic approaches have been proposed to mitigate this vulnerability. In this paper, we present a hybrid approach to prevent SQL injection attacks in PHP, a popular server side scripting language. This technique is more effective to prevent SQL injection attack in a dynamic web content environment without use of complex string analyzer logic. Initially, we construct a Query model for each hotspot by running the application in safe mode. In the production environment, dynamically generated queries are validated with it. The results and analysis shows the proposed approach is simple and effective to prevent common SQL injection vulnerabilities. � 2011 Springer-Verlag.
URI: http://idr.nitk.ac.in/jspui/handle/123456789/8964
Appears in Collections:2. Conference Papers

Files in This Item:
File Description SizeFormat 
8964.pdf370.78 kBAdobe PDFThumbnail
View/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.