Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Detecting SQL injection attacks using query result size
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Jang, Young-Su | - |
| dc.contributor.author | Choi, Jin-Young | - |
| dc.date.accessioned | 2021-09-05T07:14:30Z | - |
| dc.date.available | 2021-09-05T07:14:30Z | - |
| dc.date.created | 2021-06-15 | - |
| dc.date.issued | 2014-07 | - |
| dc.identifier.issn | 0167-4048 | - |
| dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/98031 | - |
| dc.description.abstract | Web applications are becoming an essential part of our everyday lives, with many of our activities dependent on the functionality and security of these applications. Web applications are ubiquitous, perform mission critical tasks, and handle sensitive user data. As the scale of these applications grows, injection vulnerabilities, such as SQL injections, become major security challenges. Most of these vulnerabilities stem from a lack of input validation; that is, web applications use malicious input as part of a sensitive operation without properly checking or sanitizing the input values. SQL injection attacks target databases that are accessible through a web front-end; moreover, they take advantage of flaws in the input validation logic of web components. In this paper, we exhibit a novel scheme that automatically transforms web applications, rendering them safe against SQL injection attacks. Our technique dynamically analyzes the developer-intended query result size for any input, and detects attacks by comparing this against the result of the actual query. We implement this technique in a tool for protecting Java-based web applications. An experimental evaluation demonstrates that our technique is effective against SQL injection vulnerabilities. (C) 2014 Published by Elsevier Ltd. | - |
| dc.language | English | - |
| dc.language.iso | en | - |
| dc.publisher | ELSEVIER ADVANCED TECHNOLOGY | - |
| dc.subject | PRECISE ANALYSIS | - |
| dc.title | Detecting SQL injection attacks using query result size | - |
| dc.type | Article | - |
| dc.contributor.affiliatedAuthor | Choi, Jin-Young | - |
| dc.identifier.doi | 10.1016/j.cose.2014.04.007 | - |
| dc.identifier.scopusid | 2-s2.0-84902299651 | - |
| dc.identifier.wosid | 000337879700008 | - |
| dc.identifier.bibliographicCitation | COMPUTERS & SECURITY, v.44, pp.104 - 118 | - |
| dc.relation.isPartOf | COMPUTERS & SECURITY | - |
| dc.citation.title | COMPUTERS & SECURITY | - |
| dc.citation.volume | 44 | - |
| dc.citation.startPage | 104 | - |
| dc.citation.endPage | 118 | - |
| dc.type.rims | ART | - |
| dc.type.docType | Article | - |
| dc.description.journalClass | 1 | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
| dc.subject.keywordPlus | PRECISE ANALYSIS | - |
| dc.subject.keywordAuthor | Web applications | - |
| dc.subject.keywordAuthor | Sensitive operation | - |
| dc.subject.keywordAuthor | Input validation | - |
| dc.subject.keywordAuthor | Sanitization | - |
| dc.subject.keywordAuthor | SQL injection | - |
| dc.subject.keywordAuthor | Query result size | - |
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
Related Researcher
- CHOI, Jin Young
- Department of Information Security