Authors
Affiliations
1 Dept. of Com Sc & IT, University of Jammu, IN
Source
Research Cell: An International Journal of Engineering Sciences, Vol 4 (2011), Pagination: 200-211
Abstract
Web applications are popular targets of security attacks. One common type of such attack is SQL injection, in which an attacker uses specially crafted inputs to cause a web application to generate and send a query that functions differently than the programmer intended. A diagnostic feature of SQL injection attacks is therefore that they change the intended syntactic structure of the queries issued. This paper presents a query intent evaluation technique that detects possible SQL injection attacks by tracing the queries in which input substrings modify the syntactic structure of the rest of the query. The approach has been implemented in a tool that takes an SQL query as input and detects whether it is a command injection attack.
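The diagnostic named in the abstract, that injected input changes the syntactic structure of the query, can be illustrated with a small token-level check. This is an added example, not the tool described in the paper: the lexer, the `{}` template convention, the function names and the sample inputs are all assumptions, and it recognises only ANSI-style `''` quote escaping and unsigned numeric literals.

```python
import re

# Simplified SQL lexer (assumption: '' is the only quote escape, no backslashes).
TOKEN_RE = re.compile(r"""
    (?P<string>'(?:[^']|'')*')          # complete single-quoted literal
  | (?P<comment>--[^\n]*|/\*.*?\*/)     # line or block comment
  | (?P<number>\d+(?:\.\d+)?)           # unsigned numeric literal
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)    # keyword or identifier
  | (?P<op>[^\sA-Za-z_0-9'])            # any other single symbol
  | (?P<bad>')                          # quote that never closes
""", re.VERBOSE | re.DOTALL)


def tokenize(query):
    """Return (kind, start, end) for every token; whitespace is skipped."""
    return [(m.lastgroup, m.start(), m.end()) for m in TOKEN_RE.finditer(query)]


def input_is_confined(template, value):
    """True if `value`, substituted for the single {} in `template`,
    stays inside one string or numeric literal of the resulting query."""
    prefix, suffix = template.split("{}")
    query = prefix + value + suffix
    start, end = len(prefix), len(prefix) + len(value)
    for kind, t_start, t_end in tokenize(query):
        if kind == "string" and t_start < start and end < t_end:
            return True   # input lies strictly between the literal's quotes
        if kind == "number" and t_start <= start and end <= t_end:
            return True   # input is (part of) one numeric literal
    return False          # input spans or creates other tokens: structure changed


# Constructed sample templates and inputs (not taken from the paper).
STR_Q = "SELECT * FROM users WHERE name = '{}'"
NUM_Q = "SELECT * FROM items WHERE id = {}"
CASES = [
    (STR_Q, "alice"), (STR_Q, "O''Brien"), (STR_Q, "' OR '1'='1"),
    (STR_Q, "admin' --"), (NUM_Q, "42"), (NUM_Q, "42 OR 1=1"),
]

if __name__ == "__main__":
    for template, value in CASES:
        verdict = "ok" if input_is_confined(template, value) else "structure changed"
        print(f"{value!r:18} -> {verdict}")
```

An unescaped quote in otherwise harmless input (for example `O'Brien`) is also reported, because it alters the token structure in the same way an injected quote does.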