A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques

Proceedings of the International Symposium on Consumer Electronics, ISCE

Volumn , Issue , 2011, Pages 468-471

  Kindy, Diallo Abdoulaye ^a   Pathan, Al Sakib Khan ^a  

^a INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA   (Malaysia)

Author keywords

[No Author keywords available]

Indexed keywords

SQL INJECTION;

CONSUMER ELECTRONICS;

SURVEYS;

EID: 80052411765     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISCE.2011.5973873     Document Type: Conference Paper

References (24)

1. http://www.owasp.org/index.php/Top-10-2010-A1-Injection, retrieve on 13/01/2010
2. K. Kemalis, and T. Tzouramanis (2008). SQL-IDS: A Specification-based Approach for SQLinjection Detection. SAC'08. Fortaleza, Ceará, Brazil, ACM: pp. 2153 2158.
3. X. Fu, X. Lu, B. Peltsverger, S. Chen, K. Qian, and L. Tao. A Static Analysis Framework for Detecting SQL Injection Vulnerabilities, COMPSAC 2007, pp.87-96, 24-27 July 2007
4. S. Thomas, L. Williams, and T. Xie, On automated prepared statement generation to remove SQL injection vulnerabilities. Information and Software Technology 51, 589-598 (2009).
5. M. Ruse, T. Sarkar and S. Basu. Analysis & Detection of SQL Injection Vulnerabilities via Automatic Test Case Generation of Programs. 10th Annual International Symposium on Applications and the Internet pp. 31-37 (2010)
6. M. Junjin, "An Approach for SQL Injection Vulnerability Detection," Proc. of the 6th Int. Conf. on Information Technology: New Generations, Las Vegas, Nevada, pp. 1411-1414, April 2009.
7. Y. Haixia, N. Zhihong, "A database security testing scheme of web application," Proc. of ICCSE '09 , pp. 953-955, 25-28 July 2009.
8. Roichman, A., Gudes, E.: Fine-grained Access Control to Web Databases. In: Proc. of 12th SACMAT Symposium, France (2007)
9. W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Countermeasures. In Proc. of the Intl. Symposium on Secure Software Engineering, Mar. 2006.
10. A. Tajpour; M. Masrom; M. Z. Heydari.; S. Ibrahim; "SQL injection detection and prevention tools assessment," Proc. Of ICCSIT 2010, vol.9, no., pp.518-522, 9-11 July 2010
11. A. Tajpour; M. JorJor Zade Shooshtari , "Evaluation of SQL Injection Detection and Prevention Techniques," Proc. of CICSyN, 2010, pp.216-221, 28-30 July 2010
12. N. Seixas; J. Fonseca; M. Vieira; H. Madeira, "Looking at Web Security Vulnerabilities from the Programming Language Perspective: A Field Study," Proc. of ISSRE '09, pp.129-135.
13. S. W. Boyd and A. D. Keromytis. SQLrand: Preventing SQL Injection Attacks. In Proceedings of the 2nd Applied Cryptography and Network Security Conference, pages 292-302, June 2004.
14. R.A. McClure, and I.H. Kruger, "SQL DOM: compile time checking of dynamic SQL statements," Software Engineering, 2005. ICSE 2005. Proceedings. 27th International Conference on, pp. 88-96, 15-21 May 2005.
15. K. Amirtahmasebi, S. R. Jalalinia, S. Khadem, "A survey of SQL injection defense mechanisms," Proc. Of ICITST 2009, vol., no., pp.1-8, 9-12 Nov. 2009
16. Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D.-T. Lee and S.-Y. Kuo, "Securing Web Application Code by Static Analysis and Runtime Protection," 13th International Conference on World Wide Web, New York, NY, 2004, pp. 40-52.
17. G. Buehrer, B.W. Weide, P.A.G. Sivilotti, Using Parse Tree Validation to Prevent SQL Injection Attacks, in: 5th International Workshop on Software Engineering and Middleware, Lisbon, Portugal, 2005, pp. 106-113.
18. P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan. CANDID: Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks. ACM Trans. Inf. Syst. Secur., 13(2):1-39, 2010.
19. Y. Shin, L. Williams and T. Xie, "SQLUnitGen: Test Case Generation for SQL Injection Detection," North Carolina State Univ., Raleigh Technical report, NCSU CSC TR 2006-21, 2006.
20. S. Ali, SK. Shahzad and H. Javed, "SQLIPA: An Authentication Mechanism Against SQL Injection," European Journal of Scientific Research ISSN 1450-216X Vol.38 No.4 (2009), pp 604-611.
21. Z. Su and G. Wassermann "The essence of command injection attacks in web applications". In ACM Symposium on Principles of Programming Languages (POPL'2006), January 2006.
22. A. Roichman, E. Gudes, "DIWeDa - Detecting Intrusions in Web Databases". In: Atluri, V. (ed.) DAS 2008. LNCS, vol. 5094, pp. 313-329. Springer, Heidelberg (2008).
23. Mei Junjin, "An Approach for SQL Injection Vulnerability Detection," Proc. of ITNG '09, pp.1411-1414, 27-29 April 2009.
24. R. A. Baker, "Code Reviews Enhance Software Quality," In Proceedings of the 19th international conference on Software engineering (ICSE'97) pp. 570-571, Boston, MA, USA. 1997.