Model Based Hybrid Approach to Prevent SQL Injection Attacks in PHP

Sadalkar, Kunal; Mohandas, Radhesh; Pais, Alwyn Roshan

doi:10.1007/978-3-642-24586-2_3

Cited by 5 publications

(4 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, inserting the "OR empId=10002" injection code can inquire and leak information from other employees. 2 shows the URL and SQL command details [103].…”

Section: Sql Injection In the Get Modementioning

confidence: 99%

See 1 more Smart Citation

SQL Injection Attacks Prevention System Technology: Review

Kareem

Ameen²,

Salih³

et al. 2021

AJRCoS

View full text Add to dashboard Cite

The vulnerabilities in most web applications enable hackers to gain access to confidential and private information. Structured query injection poses a significant threat to web applications and is one of the most common and widely used information theft mechanisms. Where hackers benefit from errors in the design of systems or existing gaps by not filtering the user's input for some special characters and symbols contained within the structural query sentences or the quality of the information is not checked, whether it is text or numerical, which causes unpredictability of the outcome of its implementation. In this paper, we review PHP techniques and other techniques for protecting SQL from the injection, methods for detecting SQL attacks, types of SQL injection, causes of SQL injection via getting and Post, and prevention technology for SQL vulnerabilities.

show abstract

“…For instance, inserting the "OR empId=10002" injection code can inquire and leak information from other employees. 2 shows the URL and SQL command details [103].…”

Section: Sql Injection In the Get Modementioning

confidence: 99%

“…The acquired results are promising, with a high precision rate for SQL injection detection. Also, the Author used the PHP system in [103]. They introduced a hybrid technique in PHP, the popular server-side programming language, for preventing SQL assaults.…”

Section: Prevention Sql Injection Using Php Systemmentioning

confidence: 99%

SQL Injection Attacks Prevention System Technology: Review

Kareem

Ameen²,

Salih³

et al. 2021

AJRCoS

View full text Add to dashboard Cite

show abstract

“…The typical representative of SQL injection vulnerability detection defense using the combination of static analysis and dynamic analysis is a fully automated AMNESIA technology framework proposed by Halfond. The detection process is divided into two phases, that is, the static analysis phase and the dynamic analysis phase [6]. Sadalkar K et al [7] proposed a model using a hybrid approach, namely static analysis and runtime analysis.…”

Section: Related Workmentioning

confidence: 99%

The Research on Web Vulnerability Defense Model Based on SVM

2018

Proceedings of 2018 the 8th International Workshop on Computer Science and Engineering

View full text Add to dashboard Cite

Aiming at the problem of low defense efficiency of traditional web attack, this paper proposes a model of web attack defense framework based on SVM. It mainly focuses on cross-site scripting attacks and SQL injection attacks. And the defense against cross-site scripting attacks is not only for reflective and stored cross-site scripting attacks, but also for cross-site scripting attacks based on the DOM by modifying the scripting engine.

show abstract

“…This system adopts the front-back reachability analysis method to calculate the possible values of character expression in the calculation program, and finally realizes the detection and determination of SQL vulnerabilities through a series of intersection, union and operation of the automation module. In the Reference [3], it proposes a mixed strategy SQL vulnerability detection method for PHP application. This method firstly constructs a query model for each injection point in safe mode.…”

Section: Introductionmentioning

confidence: 99%

Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology

Wang

Zhao

et al. 2015

2015 IEEE 39th Annual Computer Software and Applications Conference

View full text Add to dashboard Cite

Targeting at PHP program, this paper proposes an SQL vulnerability detection method based on the injection analysis technology. This method makes a detailed analysis on the one-time injection in the aspects of data flow and program behavior, on the basis of the combination of dynamic and static analysis technique. Then it implements the SQL vulnerability determination algorithm which is based on lexical feature comparison. At last, this paper combines alias analysis technology, behavior model and SQL which is based on lexical feature comparison to design and establish a prototype system for SQL vulnerability detection. The experiment shows that our system has a good strong ability of SQL vulnerability detection and very low time cost. Keywords-SQL vulnerabilities; combination of static and dynamic technique; alias analysis; behavior model I.0730-3157/15 $31.00

show abstract

Model Based Hybrid Approach to Prevent SQL Injection Attacks in PHP

Cited by 5 publications

References 9 publications

SQL Injection Attacks Prevention System Technology: Review

SQL Injection Attacks Prevention System Technology: Review

The Research on Web Vulnerability Defense Model Based on SVM

Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology

Contact Info

Product

Resources

About