2011 | OriginalPaper | Buchkapitel
SQLIVD - AOP: Preventing SQL Injection Vulnerabilities Using Aspect Oriented Programming through Web Services
verfasst von : V. Shanmughaneethi, Ra. Yagna Pravin, C. Emilin Shyni, S. Swamynathan
Erschienen in: High Performance Architecture and Grid Computing
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Security remains a major threat to the entire Web for many kinds of transactions. Most of the threats are created through application level vulnerabilities and have been exploited with serious consequences. Among the various types of application level vulnerabilities, command injection is the most common type of threat in web applications. Among command injection attack, SQL injection type of attacks are extremely prevalent, and ranked as the second most common form of attack on web. SQL injection attacks involve the construction of application’s input data that will result in the execution of malicious SQL statements. Hence, this paper (SQLIVD-AOP) proposes a mechanism to intercept SQL statements without any modification of an application using Aspect Oriented Programming and to analyze the query for its legitimacy, and to customize the errors. This mechanism is different from others by query interception and separation of the main scripting code with SQL injection code. The SQL validations and injection detections code are implemented by means of web services.