A Framework for Evaluation of SQL Injection Detection and Prevention Tools

Authors
Tajpour Atefeh, Ibrahim Suhaimi

Source
International Journal of Information and Communication Technology Research - 2013 - Volume: 5 - Issue: 3 - Pages: 55-62

Abstract
SQLIA is a hacking technique by which the attacker adds Structured Query Language code (SQL statements) through a web application's input fields or hidden parameters to access the resources. By SQL injection an attacker gains access to the underlying web application's database and destroys functionality and/or confidentiality. Researchers have proposed different techniques to detect and prevent this vulnerability. In this paper we present SQL injection attack types and also current security tools which detect or prevent this attack and compare them with each other. Finally, we propose a framework for evaluating SQL injection detection or prevention tools in common criteria. In fact, this paper provides information about current tools for researchers and also helps security officers to choose suitable SQL injection detection tools for their web application security.

Keywords
web application security, web application vulnerability, SQL Injection attack, framework, tool, evaluation, comparison

Address
University Technology Malaysia, Advanced Informatics School, Malaysia; University Technology Malaysia, Advanced Informatics School, Malaysia

Email
suhaimiibrahim@utm.my