Academic literature on the topic 'SQL-Injection attacks'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'SQL-Injection attacks.'

Journal articles on the topic "SQL-Injection attacks"

1

Nugroho, Aldebaran Bayu, and Satria Mandala. "Study the Best PenTest Algorithm for Blind SQL Injection Attacks." International Journal on Information and Communication Technology (IJoICT) 5, no. 2 (June 10, 2020): 1. http://dx.doi.org/10.21108/ijoict.2019.52.268.

Abstract:
There are several types of SQL injection attacks. One of the most popular SQL Injection Attacks is Blind SQL. This attack is performed by exploiting a gap in the database server when executing query words. If the server responds to an invalid query, the attacker will then reverse the engineering part of the SQL query, which is obtained from the error message of the server. The process of generating a blind SQL injection attack is complicated. As a result, a Pentester often requires a long time to penetrate the database server. This research provides solutions to the problems above by developing the automation of a blind SQL injection attack. The method used in this research is to generate keywords, such as the database name and table name so that the attacker can retrieve information about the user name and password. This research also compares several search algorithms, such as linear search, binary search, and interpolation search for generating the keywords of the attack. Automation of the Blind SQL Injection was successfully developed, and the performance of the keywords generation for each algorithm was also successfully measured, i.e., 1.7852 seconds for Binary Search, 1.789 seconds for interpolation and 1.902 seconds for Linear Search.
2

Et. al., Leelavathy S,. "A Secure Methodology to Detect and Prevent Ddos and Sql Injection Attacks." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 2 (April 11, 2021): 341–46. http://dx.doi.org/10.17762/turcomat.v12i2.722.

Abstract:
As most of the applications are hosted on cloud, security is a major concern for the data owners. The cloud environment has to be secure and protect data owner data from cloud attacks. In this project work, we study about securing firewall against client side attacks namely Denial of firewall and SQL injection attacks. Denial of firewall is nothing but overloading the firewall by bursting n number of requests through vulnerable scripts. SQL injection attack is defined as bypassing the security protocols by malicious scripts. Thus we proposed to design and develop a web application to detect and prevent denial of firewall and SQL injection attacks. The denial of firewall attack can be performed using Java environment based servers and prevention can be performed using Digital Signature Algorithm (DSA) in which filter based approach and software puzzle based approach are performed to detect the malicious script based requests. Once the Deep Packet Inspection (DPI): filter based approach and software puzzle based approach are found satisfactory, only then would the request be processed. If the request is found malicious, automatically the requested IP address would be blocked. Various types of SQL injection attacks namely SQL login bypass, Blind injection, SQL sleep attack, Data fetching attack are analysed and performed. The SQL injection attack can be prevented using PREPARE statements. These statements are created to make the SQL queries more efficient and render security benefits. This statement provides effective prevention mechanism against SQL injection attacks. Thus our proposed solution provides high security against firewall attacks namely denial of firewall and SQL injection securing the data owner files and preventing compromising of firewall.
3

N, Asha, M. Varun Kumar, and Vaidhyanathan G. Vaidhyanathan.G. "Preventing SQL Injection Attacks." International Journal of Computer Applications 52, no. 13 (August 30, 2012): 28–32. http://dx.doi.org/10.5120/8264-1809.

4

Silva, Rui Filipe, Raul Barbosa, and Jorge Bernardino. "Intrusion Detection Systems for Mitigating SQL Injection Attacks." International Journal of Information Security and Privacy 14, no. 2 (April 2020): 20–40. http://dx.doi.org/10.4018/ijisp.2020040102.

Abstract:
Databases are widely used by organizations to store business-critical information, which makes them one of the most attractive targets for security attacks. SQL Injection is the most common attack to webpages with dynamic content. To mitigate it, organizations use Intrusion Detection Systems (IDS) as part of the security infrastructure, to detect this type of attack. However, the authors observe a gap between the comprehensive state-of-the-art in detecting SQL Injection attacks and the state-of-practice regarding existing tools capable of detecting such attacks. The majority of IDS implementations provide little or no protection against SQL Injection attacks, with exceptions like the tools Bro and ModSecurity. In this article, the authors compare these tools using the CSIC dataset in order to examine the state-of-practice in database protection from SQL Injection attacks, identifying the main characteristics and implementation details needed for IDSs to successfully detect such attacks. The experiments indicate that signature-based IDS provide the greatest coverage against SQL Injection.
5

Dalai, Asish Kumar, and Sanjay Kumar Jena. "Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications." Security and Communication Networks 2017 (2017): 1–12. http://dx.doi.org/10.1155/2017/3825373.

Abstract:
Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.
6

Kusuma, Gregorius Hendy. "Analysis of SQL Injection Attacks on Website Service." bit-Tech 1, no. 1 (September 18, 2018): 26–33. http://dx.doi.org/10.32877/bt.v1i1.3.

Abstract:
Among the various types of software vulnerabilities, command injection is the most common type of threat in web applications. In command injection, SQL injection type of attacks are extremely prevalent, and ranked as the second most common form of attack on web. SQL injection attacks involve the construction of application’s input data that will result in the execution of malicious SQL statements. Most of the SQL injection detection techniques involve the code to be written along with the actual scripting code. These techniques do not detect errors in SQL statements. Hence, this paper proposes a mechanism to identify invalid SQL statements, to analyze the query for invalid non SQL key words, and to customize the captured errors. This mechanism is different from others by means of separation of the main scripting code and SQL injection code.
7

Mahrouqi, A., P. Tobin, S. Abdalla, and T. Kechadi. "Simulating SQL-Injection Cyber-Attacks Using GNS3." International Journal of Computer Theory and Engineering 8, no. 3 (June 2016): 213–17. http://dx.doi.org/10.7763/ijcte.2016.v8.1046.

8

Dharam, Ramya, and Sajjan G. Shiva. "Runtime Monitoring Framework for SQL Injection Attacks." International Journal of Engineering and Technology 6, no. 5 (2014): 392–401. http://dx.doi.org/10.7763/ijet.2014.v6.731.

9

Abdulmalik, Yazeed. "An Improved SQL Injection Attack Detection Model Using Machine Learning Techniques." International Journal of Innovative Computing 11, no. 1 (April 28, 2021): 53–57. http://dx.doi.org/10.11113/ijic.v11n1.300.

Abstract:
SQL Injection Attack (SQLIA) is a common cyberattack that targets web application database. With the ever increasing and varying techniques to exploit web application SQLIA vulnerabilities, there is no comprehensive method that can solve this kind of attacks. Therefore, these various of attack techniques required to establish many methods against in order to mitigate its threats. However, most of these methods have not yet been evaluated, where it is still just theories and require to implement and measure its performance and set its limitation. Moreover, most of the existing SQL injection countermeasures either used syntax-based detection methods or a list of predefined rules to detect the SQL injection, which is vulnerable in advance and sophisticated type of attacks because attackers create new ways to evade the detection utilizing their pre-knowledge. Although semantic-based features can improve the detection, up to our knowledge, no studies focused on extracting the semantic features from SQL statements. This paper investigates a designed model that can improve the efficacy of the SQL injection attack detection using machine learning techniques by extracting the semantic features that can effectively indicate the SQL injection attack. Also, a tenfold approach will be used to evaluate and validate the proposed detection model.
10

J. Santhosh Kumar, B., and P. P. Anaswara. "Vulnerability detection and prevention of SQL injection." International Journal of Engineering & Technology 7, no. 2.31 (May 29, 2018): 16. http://dx.doi.org/10.14419/ijet.v7i2.31.13388.

Abstract:
SQL injection attack is the most serious security vulnerabilities on databases are connected with web or within an intranet, most of these vulnerabilities are affected by lack of input validation and SQL parameters are use. The attackers are trying to steal the data which was hidden and by attacking the database using the attacking technique that is called SQL injection attacks. The SQL injection attack detection and prevention technologies are experimented in this paper. There are different defence methods are used to prevent such as, parameterized statement, stored procedures and white list input validation. The comparative results of these methods are highlighted in the table with SQL injection query, prepared statement insertion and selection queries, stored procedures and modify queries. The comparison of these methods used for detection and prevention vulnerability in web server.

Dissertations / Theses on the topic "SQL-Injection attacks"

1

Gopali, Gopali. "Protecting Web Applications from SQL Injection Attacks- Guidelines for Programmers Master Thesis." Thesis, Malmö universitet, Fakulteten för teknik och samhälle (TS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20238.

Abstract:
Injection attack is the most critical web application security risk, and SQL-injection (SQLi) attack is the most reported injection attack on web applications. In this thesis, we have identified the attacking techniques used by attackers and we are also providing guidelines so that the programmers can write web application code in a secure way, to prevent the SQLi attacks. The methodology applied for the research is literature study and we used the way proof by demonstration to get the clear picture. The first step was to find out the coding flaws, then we designed guidelines that can help to protect web applications from SQLi attacks. This thesis will help the programmers to understand the various coding flaws and how those coding flaws can be prevented and for this, we have used proof by demonstration. This thesis will also contribute to the general awareness of SQLi attacks, attack types and guidelines for the programmers who are designing, developing and testing web applications.
2

Sjöström, Linus. "Detecting SQL Injection Attacks in VoIP using Real-time Deep Packet Inspection : Can a Deep Packet Inspection Firewall Detect SQL Injection Attacks on SIP Traffic with Reasonable Performance?" Thesis, Linköpings universitet, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-161072.

Abstract:
The use of the Internet has increased over the years, and it is now an integral part of our daily activities, as we often use it for everything from interacting on social media to watching videos online. Phone calls nowadays tend to use Voice over IP (VoIP), rather than the traditional phone networks. As with any other services using the Internet, these calls are vulnerable to attacks. This thesis focuses on one particular attack: SQL injection in the Session Initial Protocol (SIP), where SIP is a popular protocol used within VoIP. To find different types of SQL injection, two classifiers are implemented to either classify SIP packets as "valid data" or "SQL injection". The first classifier uses regex to find SQL meta-characters in headers of interest. The second classifier uses naive Bayes with a training data set to classify. These two classifiers are then compared in terms of classification throughput, speed, and accuracy. To evaluate the performance impact of packet sizes and to better understand the classifiers' resilience against an attacker introducing large packets, a test with increasing packet sizes is also presented. The regex classifier is then implemented in a Deep Package Inspection (DPI) open-source implementation, nDPI, before being evaluated with regards to both throughput and accuracy. The results are in favor of the regex classifier as it had better accuracy and higher classification throughput. Yet, the naive Bayes classifier works better for new types of SQL injection that we do not know. It therefore argues that the best choice depends on the scenario; both classifiers have their strengths and weakness!
3

Cetin, Cagri. "Authentication and SQL-Injection Prevention Techniques in Web Applications." Scholar Commons, 2019. https://scholarcommons.usf.edu/etd/7766.

Abstract:
This dissertation addresses the top two “most critical web-application security risks” by combining two high-level contributions. The first high-level contribution introduces and evaluates collaborative authentication, or coauthentication, a single-factor technique in which multiple registered devices work together to authenticate a user. Coauthentication provides security benefits similar to those of multi-factor techniques, such as mitigating theft of any one authentication secret, without some of the inconveniences of multi-factor techniques, such as having to enter passwords or biometrics. Coauthentication provides additional security benefits, including: preventing phishing, replay, and man-in-the-middle attacks; basing authentications on high-entropy secrets that can be generated and updated automatically; and availability protections against, for example, device misplacement and denial-of-service attacks. Coauthentication is amenable to many applications, including m-out-of-n, continuous, group, shared-device, and anonymous authentications. The principal security properties of coauthentication have been formally verified in ProVerif, and implementations have performed efficiently compared to password-based authentication. The second high-level contribution defines a class of SQL-injection attacks that are based on injecting identifiers, such as table and column names, into SQL statements. An automated analysis of GitHub shows that 15.7% of 120,412 posted Java source files contain code vulnerable to SQL-Identifier Injection Attacks (SQL-IDIAs). We have manually verified that some of the 18,939 Java files identified during the automated analysis are indeed vulnerable to SQL-IDIAs, including deployed Electronic Medical Record software for which SQL-IDIAs enable discovery of confidential patient information. Although prepared statements are the standard defense against SQL injection attacks, existing prepared-statement APIs do not protect against SQL-IDIAs. 
This dissertation therefore proposes and evaluates an extended prepared-statement API to protect against SQL-IDIAs.
4

Smith, Grant Joseph. "Analysis and Prevention of Code-Injection Attacks on Android OS." Scholar Commons, 2014. https://scholarcommons.usf.edu/etd/5391.

Abstract:
Injection attacks are the top two causes of software errors and vulnerabilities, according to the MITRE Common Vulnerabilities list [1]. This thesis presents a threat analysis of injection attacks on applications built for Android, a popular but not rigorously studied operating system designed for mobile devices. The following thesis is argued: Injection attacks are possible on off-the-shelf Android systems, and such attacks have the capacity to compromise the device through resource denial and leaking private data. Specifically, we demonstrate that injection attacks are possible through the OS shell and through the SQLite API. To mitigate these attacks, we augment the Android OS with a taint-tracking mechanism to monitor the flow of untrusted character strings through application execution. We use this taint information to implement a mechanism to detect and prevent these injection attacks. A good definition of an attack being critical to preventing it, our mechanism is based on Ray and Ligatti's formalized “NIE” property, which states that untrusted inputs must only insert or expand noncode tokens in output programs. If this property is violated, an injection attack has occurred. This definition's detection algorithm, in combination with our taint tracker, allows our mechanism to defend against these attacks.
5

Nsambu, Emmanuel, and Danish Aziz. "The Defense Against the latest Cyber Espionage both insider and outsider attacks." Thesis, Mittuniversitetet, Institutionen för informationsteknologi och medier, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-16477.

Abstract:
This study was carried out with the intention of examining the defensive mechanism employed against the latest cyber espionage methods including both insider and outsider attacks. The main focus of this study was on web servers as the targets of the cyber attacks. Information in connection to the study was obtained from researchers’ online articles. A survey was also conducted at MidSweden University in order to obtain information about the latest cyber attacks on web servers and about the existing defensive mechanism against such attacks. The existing defensive mechanism was surveyed and a simple design was created to assist in the investigation of the efficiency of the system. Some simple implementations of the existing defensive mechanism were made in order to provide some practical results that were used for the study. The existing defensive mechanism was surveyed and improved upon where possible. The improved defensive mechanism was designed and implemented and its results were compared with the results from the existing defensive mechanism. Due to the fact that the majority of the attackers use defensive mechanisms’ vulnerability in order to find their way into devices such as web servers, it was felt that, even with the most sophisticated improved defensive mechanism in place, it would not be entirely correct to claim that it is possible to fully protect web servers against such attacks.
6

Wheeler, Ryan. "BlindCanSeeQL: Improved Blind SQL Injection For DB Schema Discovery Using A Predictive Dictionary From Web Scraped Word Based Lists." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/6050.

Abstract:
SQL Injections are still a prominent threat on the web. Using a custom built tool, BlindCanSeeQL (BCSQL), we will explore how to automate Blind SQL attacks to discover database schema using fewer requests than the standard methods, thus helping avoid detection from overloading a server with hits. This tool uses a web crawler to discover keywords that assist with autocompleting schema object names, along with improvements in ASCII bisection to lower the number of requests sent to the server. Along with this tool, we will discuss ways to prevent and protect against such attacks.
7

Whitelaw, Clayton. "Precise Detection of Injection Attacks on Concrete Systems." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/6051.

Abstract:
Injection attacks, including SQL injection, cross-site scripting, and operating system command injection, rank the top two entries in the MITRE Common Vulnerability Enumeration (CVE) [1]. Under this attack model, an application (e.g., a web application) uses some untrusted input to produce an output program (e.g., a SQL query). Applications may be vulnerable to injection attacks because the untrusted input may alter the output program in malicious ways. Recent work has established a rigorous definition of injection attacks. Injections are benign iff they obey the NIE property, which states that injected symbols strictly insert or expand noncode tokens in the output program. Noncode symbols are strictly those that are either removed by the tokenizer (e.g., insignificant whitespace) or span closed values in the output program language, and code symbols are all other symbols. This thesis demonstrates that such attacks are possible on applications for Android—a mobile device operating system—and Bash—a common Linux shell—and shows by construction that these attacks can be detected precisely. Specifically, this thesis examines the recent Shellshock attacks on Bash and shows how it widely differs from ordinary attacks, but can still be precisely detected by instrumenting the output program’s runtime. The paper closes with a discussion of the lessons learned from this study and how best to overcome the practical challenges to precisely preventing these attacks in practice.
8

Bahureková, Beáta. "Technika SQL injection - její metody a způsoby ochrany." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2020. http://www.nusl.cz/ntk/nusl-433304.

Abstract:
SQL injection is a technique directed against web applications using an SQL database, which can pose a huge security risk. It involves inserting code into an SQL database, and this attack exploits vulnerabilities in the database or application layer. The main goal of my thesis is to get acquainted with the essence of SQL injection, to understand the various methods of this attack technique and to show ways to defend against it. The work can be divided into these main parts, which I will discuss as follows. In the introductory part of the work I mention the theoretical basis concerning SQL injection issues. The next chapter is focused on individual methods of this technique. The analytical part is devoted to mapping the current state of test subjects, scanning tools, which form the basis for optimal research and testing of individual SQL methods, which are discussed in this part from a practical point of view along with the analysis of commands. In the last part I will implement SQL methods on selected subjects and based on the outputs I will create a universal design solution how to defend against such attacks.
9

Pandey, Amit Kumar. "Securing Web Applications From Application-Level Attack." Kent State University / OhioLINK, 2007. http://rave.ohiolink.edu/etdc/view?acc_num=kent1181098075.

10

Uwagbole, Solomon. "A pattern-driven corpus to predictive analytics in mitigating SQL injection attack." Thesis, Edinburgh Napier University, 2018. http://researchrepository.napier.ac.uk/Output/1538260.

Abstract:
The back-end database provides accessible and structured storage for each web application's big data internet web traffic exchanges stemming from cloud-hosted web applications to the Internet of Things (IoT) smart devices in emerging computing. Structured Query Language Injection Attack (SQLIA) remains an intruder's exploit of choice to steal confidential information from the database of vulnerable front-end web applications with potentially damaging security ramifications. Existing solutions to SQLIA still follows the on-premise web applications server hosting concept which were primarily developed before the recent challenges of the big data mining and as such lack the functionality and ability to cope with new attack signatures concealed in a large volume of web requests. Also, most organisations' databases and services infrastructure no longer reside on-premise as internet cloud-hosted applications and services are increasingly used which limit existing Structured Query Language Injection (SQLI) detection and prevention approaches that rely on source code scanning. A bio-inspired approach such as Machine Learning (ML) predictive analytics provides functional and scalable mining for big data in the detection and prevention of SQLI in intercepting large volumes of web requests. Unfortunately, lack of availability of robust ready-made data set with patterns and historical data items to train a classifier are issues well known in SQLIA research applying ML in the field of Artificial Intelligence (AI). The purpose-built competition-driven test case data sets are antiquated and not pattern-driven to train a classifier for real-world application. Also, the web application types are so diverse to have an all-purpose generic data set for ML SQLIA mitigation. 
This thesis addresses the lack of pattern-driven data set by deriving one to predict SQLIA of any size and proposing a technique to obtain a data set on the fly and break the circle of relying on few outdated competitions-driven data sets which exist are not meant to benchmark real-world SQLIA mitigation. The thesis in its contributions derived pattern-driven data set of related member strings that are used in training a supervised learning model with validation through Receiver Operating Characteristic (ROC) curve and Confusion Matrix (CM) with results of low false positives and negatives. We further the evaluations with cross-validation to have obtained a low variance in accuracy that indicates of a successful trained model using the derived pattern-driven data set capable of generalisation of unknown data in the real-world with reduced biases. Also, we demonstrated a proof of concept with a test application by implementing an ML Predictive Analytics to SQLIA detection and prevention using this pattern-driven data set in a test web application. We observed in the experiments carried out in the course of this thesis, a data set of related member strings can be generated from a web expected input data and SQL tokens, including known SQLI signatures. The data set extraction ontology proposed in this thesis for applied ML in SQLIA mitigation in the context of emerging computing of big data internet, and cloud-hosted services set our proposal apart from existing approaches that were mostly on-premise source code scanning and queries structure comparisons of some sort.

Books on the topic "SQL-Injection attacks"

1

Gupta, Sunil. SQL Injection Attacks. Berkeley, CA: Apress, 2020. http://dx.doi.org/10.1007/978-1-4842-6505-5.

2

SQL injection attacks and defense. 2nd ed. Waltham, MA: Elsevier, 2012.

3

SQL injection attacks and defense. Burlington, MA: Syngress Pub., 2009.

4

SQL Injection Attacks and Defense. Elsevier, 2009. http://dx.doi.org/10.1016/b978-1-59749-424-3.x0001-1.

5

SQL injection attacks and defense. Burlington, MA: Syngress Pub., 2009.

6

Galluccio, Ettore, Edoardo Caselli, and Gabriele Lombari. SQL Injection Strategies: Practical Techniques to Secure Old Vulnerabilities Against Modern Attacks. Packt Publishing, Limited, 2020.


Book chapters on the topic "SQL-Injection attacks"

1

Orso, Alessandro. "SQL Injection Attacks." In Encyclopedia of Cryptography and Security, 1251–52. Boston, MA: Springer US, 2011. http://dx.doi.org/10.1007/978-1-4419-5906-5_662.

2

Ahuja, Bharat Kumar, Angshuman Jana, Ankit Swarnkar, and Raju Halder. "On Preventing SQL Injection Attacks." In Advances in Intelligent Systems and Computing, 49–64. New Delhi: Springer India, 2015. http://dx.doi.org/10.1007/978-81-322-2650-5_4.

3

Boyd, Stephen W., and Angelos D. Keromytis. "SQLrand: Preventing SQL Injection Attacks." In Applied Cryptography and Network Security, 292–302. Berlin, Heidelberg: Springer Berlin Heidelberg, 2004. http://dx.doi.org/10.1007/978-3-540-24852-1_21.

4

Geneiatakis, Dimitris. "Minimizing Databases Attack Surface Against SQL Injection Attacks." In Information and Communications Security, 1–9. Cham: Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-29814-6_1.

5

Choraś, Michał, Rafał Kozik, Damian Puchalski, and Witold Hołubowicz. "Correlation Approach for SQL Injection Attacks Detection." In Advances in Intelligent Systems and Computing, 177–85. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-33018-6_18.

6

Mann, Abhijot Singh, and Sheela Jain. "Efficiently-Enabled Inclusive Approach Preventing SQL Injection Attacks." In Computer Networks and Information Technologies, 421–23. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011. http://dx.doi.org/10.1007/978-3-642-19542-6_79.

7

Arumugam, Chamundeswari, Varsha Bhargavi Dwarakanathan, S. Gnanamary, Vishalraj Natarajan Neyveli, Rohit Kanakuppaliyalil Ramesh, Yeshwanthraa Kandhavel, and Sadhanandhan Balakrishnan. "Prediction of SQL Injection Attacks in Web Applications." In Computational Science and Its Applications – ICCSA 2019, 496–505. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-24305-0_37.

8

Khanna, Surya, and A. K. Verma. "Classification of SQL Injection Attacks Using Fuzzy Tainting." In Advances in Intelligent Systems and Computing, 463–69. Singapore: Springer Singapore, 2017. http://dx.doi.org/10.1007/978-981-10-3373-5_46.

9

Aziz, Benjamin, Mohamed Bader, and Cerana Hippolyte. "Search-Based SQL Injection Attacks Testing Using Genetic Programming." In Lecture Notes in Computer Science, 183–98. Cham: Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-30668-1_12.

10

Wu, Tsu-Yang, Jeng-Shyang Pan, Chien-Ming Chen, and Chun-Wei Lin. "Towards SQL Injection Attacks Detection Mechanism Using Parse Tree." In Advances in Intelligent Systems and Computing, 371–80. Cham: Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-12286-1_38.


Conference papers on the topic "SQL-Injection attacks"

1

Cetin, Cagri, Dmitry Goldgof, and Jay Ligatti. "SQL-Identifier Injection Attacks." In 2019 IEEE Conference on Communications and Network Security (CNS). IEEE, 2019. http://dx.doi.org/10.1109/cns.2019.8802743.

2

Ventura, Ruben. "Blind SQL Injection Attacks Optimization." In 9th International Conference on Signal, Image Processing and Pattern Recognition (SPPR 2020). AIRCC Publishing Corporation, 2020. http://dx.doi.org/10.5121/csit.2020.101909.

Abstract:
This paper presents new and evolved methods to perform Blind SQL Injection attacks. These are much faster than the current publicly available tools and techniques due to optimization and redesign ideas that hack databases in more efficient methods, using cleverer injection payloads; this is the result of years of private research. Implementing these methods within carefully crafted code has resulted in the development of the fastest tools in the world to extract information from a database through Blind SQL Injection vulnerabilities. These tools are around 1600% faster than the currently most popular tools. The nature of such attack vectors will be explained in this paper, including all of their intrinsic details.
3

Wang, Jie, Raphael C. W. Phan, John N. Whitley, and David J. Parish. "Augmented attack tree modeling of SQL injection attacks." In 2010 2nd IEEE International Conference on Information Management and Engineering. IEEE, 2010. http://dx.doi.org/10.1109/icime.2010.5478321.

4

Halfond, William G. J., and Alessandro Orso. "Preventing SQL injection attacks using AMNESIA." In Proceeding of the 28th international conference. New York, New York, USA: ACM Press, 2006. http://dx.doi.org/10.1145/1134285.1134416.

5

Rauti, Sampsa, Jukka Teuhola, and Ville Leppanen. "Diversifying SQL to Prevent Injection Attacks." In 2015 IEEE Trustcom/BigDataSE/ISPA. IEEE, 2015. http://dx.doi.org/10.1109/trustcom.2015.393.

6

Yang Bing and Wang Xin. "Multi-level preventing SQL injection attacks." In 2013 IEEE Conference Anthology. IEEE, 2013. http://dx.doi.org/10.1109/anthology.2013.6784808.

7

Silva, Rui, Raul Barbosa, and Jorge Bernardino. "Testing Snort with SQL Injection Attacks." In the Ninth International C* Conference. New York, New York, USA: ACM Press, 2016. http://dx.doi.org/10.1145/2948992.2949001.

8

Sadeghian, Amirmohammad, Mazdak Zamani, and Shahidan M. Abdullah. "A Taxonomy of SQL Injection Attacks." In 2013 International Conference on Informatics and Creative Multimedia (ICICM). IEEE, 2013. http://dx.doi.org/10.1109/icicm.2013.53.

9

Wei, K., M. Muthuprasanna, and Suraj Kothari. "Preventing SQL injection attacks in stored procedures." In Australian Software Engineering Conference (ASWEC'06). IEEE, 2006. http://dx.doi.org/10.1109/aswec.2006.40.

10

Ezumalai, R., and G. Aghila. "Combinatorial Approach for Preventing SQL Injection Attacks." In 2009 IEEE International Advance Computing Conference (IACC 2009). IEEE, 2009. http://dx.doi.org/10.1109/iadcc.2009.4809188.


Reports on the topic "SQL-Injection attacks"

1

Bri Rolston. Attack methodology Analysis: SQL Injection Attacks and Their Applicability to Control Systems. Office of Scientific and Technical Information (OSTI), September 2005. http://dx.doi.org/10.2172/911631.
