Sciweavers

KBSE
2005
IEEE

AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks

14 years 6 months ago
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
The use of web applications has become increasingly popular in our routine activities, such as reading the news, paying bills, and shopping on-line. As the availability of these services grows, we are witnessing an increase in the number and sophistication of attacks that target them. In particular, SQL injection, a class of codeinjection attacks in which specially crafted input strings result in illegal queries to a database, has become one of the most serious threats to web applications. In this paper we present and evaluate a new technique for detecting and preventing SQL injection attacks. Our technique uses a model-based approach to detect illegal queries before they are executed on the database. In its static part, the technique uses program analysis to automatically build a model of the legitimate queries that could be generated by the application. In its dynamic part, the technique uses runtime monitoring to inspect the dynamically-generated queries and check them against the ...
William G. J. Halfond, Alessandro Orso
Added 25 Jun 2010
Updated 25 Jun 2010
Type Conference
Year 2005
Where KBSE
Authors William G. J. Halfond, Alessandro Orso
Comments (0)