Zhang Huilin,Ding Yu,Zhang Lihua,Duan Lei,Zhang Chao,Wei Tao,Li Guancheng,Han Xinhui

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160443

2016-01-01

Abstract:SQL injection attacks are prevalent Web threats .Researchers have proposed many taint analysis solutions to defeat this type of attacks ,but few are efficient and practical to deploy .In this paper ,we propose a practical and accurate SQL injection prevention method by tainting trusted sensitive characters into extended UTF‐8 encodings .Unlike typical positive taint analysis solutions that taint all characters in hard‐coded strings written by the developer ,we only taint the trusted sensitive characters in these hard‐coded strings .Furthermore ,rather than modifying Web application interpreter to track taint information in extra memories ,we encode the taint metadata into the bytes of trusted sensitive characters ,by utilizing the characteristics of UTF‐8 encoding .Lastly ,we identify and escape untrusted sensitive characters in SQL statements to prevent SQL injection attacks ,without parsing the SQL statements .A prototype called PHPGate is implemented as an extension on the PHP Zend engine .The evaluation results show that PHPGate can protect Web applications from real world SQL injection attacks and introduce a low performance overhead (less than 1 .6% ) .

Lihua Zhang,Yu Ding,Chao Zhang,Lei Duan,Zhaofeng Chen,Tao Wei,Xinhui Han

2016-01-01

Abstract:SQL injection has a long history as a dangerous threat, grabbing lots of security researchers’ attentions. However, it is still ranked the first of the ten most dangerous web application threats by OWASP since 2008, indicating a big gap between researches and industry practice. Most SQL injection vulnerabilities are introduced by ignorance or negligence, so a good protection solution should be “fool-proof”. To be used in day-to-day deployment, it should also have little performance overhead. In this paper, we propose a white-delimiter-tracking defense solution against SQL injections: unlike typical taint-tracking solutions that track user inputs or all SQL related strings hard-coded in web applications, we only track the SQL delimiters in these hard-coded strings, and only allow these delimiters to be used in the final SQL statements. Furthermore, instead of allocating extra shadow memory for taint tracking, we encode the tracking information directly into the same byte as the delimiters by utilizing the characteristics of UTF-8 encoding. This solution tracks much less data than existing solutions and keeps the accuracy of byte-level taint tracking. A prototype called PHPGate is implemented on the PHP Zend engine. PHPGate can protect UTF-8 encoding web applications from real world SQL injection attacks and only introduces a performance overhead less than 1.5%.

Alex Zhu,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2017100106

2017-01-01

International Journal of Digital Crime and Forensics

Abstract:SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack DDoS. The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.

Asish Kumar Dalai,Sanjay Kumar Jena

DOI: https://doi.org/10.1155/2017/3825373

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

computer science, information systems,telecommunications

Haibin Hu

DOI: https://doi.org/10.1063/1.4982570

2017-01-01

AIP Conference Proceedings

Abstract:Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

朱辉,沈明星,李善平

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.059

2010-01-01

Abstract:This paper studies the code injection vulnerabilities of Web application,modifies and expands the definition of this kind of vulnerabilities with summarizing and analyzing the features of them,and transforms the causes of vulnerabilities into two kinds of coding errors to present a new test method based on testing the two kinds of coding errors.Experimental result shows that the test method can test all the code injection vulnerabilities of Web application effectively with less test workload.

Swapnil Kharche,Jagdish patil,Kanchan Gohad,Bharti Ambetkar

DOI: https://doi.org/10.48550/arXiv.1504.06920

2015-04-27

Abstract:SQL injection attacks, a class of injection flaw in which specially crafted input strings leads to illegal queries to databases, are one of the topmost threats to web applications. A Number of research prototypes and commercial products that maintain the queries structure in web applications have been developed. But these techniques either fail to address the full scope of the problem or have limitations. Based on our observation that the injected string in a SQL injection attack is interpreted differently on different <a class="link-external link-http" href="http://databases.Injection" rel="external noopener nofollow">this http URL</a> attack is a method that can inject any kind of malicious string or anomaly string on the original string. Pattern matching is a technique that can be used to identify or detect any anomaly packet from a sequential action. Most of the pattern based techniques are used static analysis and patterns are generated from the attacked statements. In this paper, we proposed a detection and prevention technique for preventing SQL Injection Attack using AhoCorasick pattern matching algorithm. In this paper, we proposed an overview of the architecture. In the initial stage evaluation, we consider some sample of standard attack patterns and it shows that the proposed algorithm is works well against the SQL Injection Attack.

Databases,Cryptography and Security

SUN Yi,HU Yu-ji,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.09.088

2010-01-01

Abstract:SQL injection attacks pose a serious threat to the security of Web applications because they can give attackers unrestricted access to databases that contain sensitive information. This paper proposed a new method based on sequence alignment for protecting existing Web applications against SQL injection. Elaborated implementation and detection pattern with sequence alignment algorithm in detail. Finally analyzed and tested the correctness and performance of the method. Experimental results show that this method is simple and effective.

Neha Patwari,Parvati Bhurani

DOI: https://doi.org/10.48550/arXiv.1207.1542

2012-07-06

Abstract:With the changing demographics of globalization, the emergence and prevalence of web application have acquired a central and pivotal role in the domains of technology and advancements. It thus becomes imperative to probe deeply into the architecture, significance and different facets of usages. Web applications enclose the functioning between a user and the services provided by the server, which contains a database as its backend. The user can access the required information through sending a request in the form of text to the web server, which is interpreted by the server side script to construct an SQL. The query is sent to the database which responds in order to generate an HTML page that is sent back to the user. Since the functioning of web application is a dynamic and complicated matter, certain threats to the database security have been registered. One such alarming threat is the prevalence of SQL Injection Attack. Hence a dynamic algorithm is given in this paper for preventing SQL Injection Attacks which is based on context free grammars and compiler parsing techniques. The paper attempts to present the notation of a SQLI Prevent Parser for the prevention of SQL Injection Attacks. This Parser determines the structure of queries and compares whether the queries are functionally equivalent or not. This parser has been used on a sample web application and the results have come out to be positive majors to prevent SQL Injection Attacks.

Networking and Internet Architecture,Cryptography and Security

Stephen Thomas,Laurie Williams,Tao Xie

DOI: https://doi.org/10.1016/j.infsof.2008.08.002

IF: 3.9

2009-01-01

Information and Software Technology

Abstract:Since 2002, over 10% of total cyber vulnerabilities were SQL injection vulnerabilities (SQLIVs). This paper presents an algorithm of prepared statement replacement for removing SQLIVs by replacing SQL statements with prepared statements. Prepared statements have a static structure, which prevents SQL injection attacks from changing the logical structure of a prepared statement. We created a prepared statement replacement algorithm and a corresponding tool for automated fix generation. We conducted four case studies of open source projects to evaluate the capability of the algorithm and its automation. The empirical results show that prepared statement code correctly replaced 94% of the SQLIVs in these projects.

Xu Xiaotian,Si Guanlin,Li Min,Gao Ranxin,Chen-Jung Wei

DOI: https://doi.org/10.1109/ITAIC54216.2022.9836786

2022-06-17

Abstract:In view of the risk of SQL injection attack faced by the Web system, this paper proposes a SQL injection attack detection mechanism based on triangle module operator. The method uses the analysis results of web logs and user input as fusion operators to judge whether an attack occurs. At the same time, for the defense against SQL injection attack, this paper believes that the source code vulnerability testing, penetration testing and security configuration verification should be conducted before the Web system goes online, therefore it can improve the security of the information system.

Computer Science

Jiao Ma,Kun Chai,Yao Xiao,Tian Lan,Wei Huang

DOI: https://doi.org/10.1109/icm.2011.287

2011-09-01

Abstract:In order to solve the problems that IDSs and firewalls cannot efficiently detect new SQL injection and too much time is wasted when the security personnel reads log files to analyze attacks, we proposed and implemented a high-interaction web honeypot system for SQL injection analysis. By (i)modifying PHP extension for MySQL to intercept database requests and (ii)adopting exception based and signature based detection techniques, the system can generate the corresponding attack graphs to solve problems above. For illustration, SQL injection attack examples are utilized to show the performance of the honeypot system. The results show that the honeypot system can intercept all database requests and increase the efficiency of SQL injection analysis with the attack graphs. This system provides an efficient and timely detection on the new SQL injection and helps security personnel quickly analyzing the new SQL injection with the attack graph.

Zijian Liu,Lei Xu

DOI: https://doi.org/10.1109/wisa.2013.45

2013-01-01

Abstract:SQL injection exploits the weakness of server, causing damage to database and threating the benefit of both corporations and individuals. SQL injection attack is still one of the most serious security threats. This paper proposes a method with static analysis and dynamic monitor to detect SQL injection attacks. Comparing to the current tools, this tool can compute danger degree of user input and classify user behavior with lower time and space complexity.

Muhammad Saidu Aliero,Kashif Naseer Qureshi,Muhammad Fermi Pasha,Awais Ahmad,Gwanggil Jeon

DOI: https://doi.org/10.1002/cpe.5936

2020-07-22

Concurrency and Computation: Practice and Experience

Abstract:<p>Structure Query Language Injection Attack is among the top 10‐security threats that can be used on the web application to cause severe damage or gain unauthorized data access to the application server. Many reports have indicated an average of 64% of global websites are at risk of being attack by SQL injection, and many of the top companies have experienced thousands of attacks attempts through SQL injection. The current trend shows the increasing number of attacks factor as a result of the daily deployment of these applications without security detection and prevention mechanism is placed. To overcome this challenge, researches in academia and industry presented a proposal that automates SQL injection vulnerabilities assessment on the tested application. Current studies show the need to enhance techniques of these proposals to reduce the false alarms. In this study, we propose a component‐based technique to minimize the incidence of inaccurate results, as well as enable the ease of improving the proposed solution. The study uses three costumed applications as tested to evaluate the accuracy of the proposed solution. Each of these testbed consists of several vulnerabilities where the experimental evaluation performs to test the proposed tool. An empirical evaluation is carried out on three vulnerable custom websites to evaluate the effectiveness of the proposed study. The experiment results indicated significant results in terms of high accuracy. On the other hand, the proposed solution also has better capabilities to analyze page response based on four different techniques. Moreover, the proposed solution is the only solution that performs stored procedure attacks SQL and bypass login authentication even if the returned records are limited restriction is applied.</p>

Ding Chen,Qiseng Yan,Chunwang Wu,Jun Zhao

DOI: https://doi.org/10.1088/1742-6596/1757/1/012055

2021-01-01

Journal of Physics: Conference Series

Abstract:Abstract Web application brings us convenience but also has some potential security problems. SQL injection attacks topped the list of Top 10 Network Security Problems released by OWASP, and the detection technology of SQL injection attacks has been one of the hotspots of network security research. In this paper, we propose a SQL injection detection method that does not rely on background rule base by using a natural language processing model and deep learning framework on the basis of comprehensive domestic and international research. The method can improve the accuracy and reduce the false alarm rate while allowing the machine to automatically learn the language model features of SQL injection attacks, greatly reducing human intervention and providing some defense against 0day attacks that never occur.

MA Bolin,ZHANG Zheng,LIU Hao,WU Jiangxing

DOI: https://doi.org/10.11959/j.issn.1000-436x.2021046

2021-01-01

Abstract:The effectiveness of combining SQL statement parsing with randomization to defend against SQL injection attack (SQLIA) was based on the fact that attackers did not know about the current method of randomization adopted by system.Therefore, once attackers had mastered the current method of randomization who can launch effective SQLIA.In order to solve this problem, a SQL injection runtime prevention system based on multi-variant execution was designed, the multi-variant apply randomization methods from any other, so that illegal SQL statements could not be parsed successfully by all variants.Even if attackers had mastered the method of randomization, illegal SQL statements could only be parsed successfully by a certain variant at most, meanwhile the parsing results of multiple variants were voted to find the abnormality in time and block attack path.The prototype system SQLMVED is implemented for Web services and experiments show that the prototype can effectively defeat SQLIA.

Muhammad Saidu Aliero,Imran Ghani,Kashif Naseer Qureshi,Mohd Fo’ad Rohani

DOI: https://doi.org/10.1007/s12652-019-01235-z

IF: 3.662

2019-02-07

Journal of Ambient Intelligence and Humanized Computing

Abstract:SQL Injection Attack (SQLIA) is one of the most severe attack that can be used against web database-driven applications. Attackers use SQLIA to obtain unauthorized access and perform unauthorized data modifications due to initial improper input validation by the web application developer. Various studies have shown that, on average, 64% of web applications worldwide are vulnerable to SQLIA due to improper input. To mitigate the devastating problem of SQLIA, this research proposes an automatic black box testing for SQL Injection Vulnerability (SQLIV). This acts to automate an SQLIV assessment in SQLIA. In addition, recent studies have shown that there is a need for improving the effectiveness of existing SQLIVS in order to reduce the cost of manual inspection of vulnerabilities and the risk of being attacked due to inaccurate false negative and false positive results. This research focuses on improving the effectiveness of SQLIVS by proposing an object-oriented approach in its development in order to help and minimize the incidence of false positive and false negative results, as well as to provide room for improving a proposed scanner by potential researchers. To test and validate the accuracy of research work, three vulnerable web applications were developed. Each possesses a different type of vulnerabilities and an experimental evaluation was used to validate the proposed scanner. In addition, an analytical evaluation is used to compare the proposed scanner with the existing academic scanners. The result of the experimental analysis shows significant improvement by achieving high accuracy compared to existing studies. Similarly, the analytical evaluations showed that the proposed scanner is capable of analyzing attacked page response using four different techniques.

computer science, information systems,telecommunications, artificial intelligence

Bing Zhang,Rong Ren,Jia Liu,Mingcai Jiang,Jiadong Ren,Jingyue Li

DOI: https://doi.org/10.1109/tse.2024.3400404

IF: 7.4

2024-07-19

IEEE Transactions on Software Engineering

Abstract:Due to well-hidden and stage-triggered properties of second-order SQL injections in web applications, current approaches are ineffective in addressing them and still report high false negatives and false positives. To reduce false results, we propose a Proxy-based static analysis and dynamic execution mechanism towards detecting, locating and preventing second-order SQL injections (SQLPsdem). The static analysis first locates SQL statements in web applications and identifies all data sources and injection points (e.g., Post, Sessions, Database, File names) that injection attacks can exploit. After that, we reconstruct the SQL statements and use attack engines to jointly generate attacks to cover all the state-of-the-art attack patterns so as to exploit these applications. We then use proxy-based dynamic execution to capture the data transmitted between web applications and their databases. The data are the reconstructed SQL statements with variable values from the attack payloads. If a web application is vulnerable, the data will contain malicious attacks on the database. We match the data with rules formulated by attack patterns to detect first and second-order SQL injection vulnerabilities in web applications, particularly the second-order ones. We use a representative and complete coverage of attack patterns and precise matching rules to reduce false results. By escaping and truncating malicious payloads in the data transmitted from the web application to the database, we can eliminate the possible negative impact of the data on the database. In the evaluation, by generating 52,771 SQL injection attacks using four attack generators, SQLPsdem successfully detects 26 second-order (including 13 newly discovered ones) and 375 first-order SQL injection vulnerabilities in 12 open-source web applications. SQLPsdem can also 100% eliminate the malicious impact of the data with negligible overhead.

engineering, electrical & electronic,computer science, software engineering

Bernhard Garn,Jovan Zivanovic,Manuel Leithner,Dimitris E. Simos

DOI: https://doi.org/10.1002/stvr.1826

2022-07-04

Software Testing Verification and Reliability

Abstract:This work presents a gray‐box combinatorial security testing methodology for detecting SQL injection vulnerabilities in web applications. New attack grammars modelling SQL injections are proposed. This combinatorial security testing approach performs equally well or better when compared to existing state‐of‐the‐art SQL injection security testing tools. Summary This work presents an extended and enhanced gray‐box combinatorial security testing methodology for SQL injection vulnerabilities in web applications. We propose multiple new attack grammars modelling SQLi attacks against MySQL‐compatible databases, each one targeting a different injection context. Additionally, these grammars are also dynamically refined at the beginning of each attack against an endpoint of a web application, as a further optimization of the used attack model by taking into account the specifics of the generated query of that endpoint. Our goal is to enhance existing combinatorial approaches for detecting SQL injection vulnerabilities. The newly developed methodology is implemented in a prototype security testing tool called SQLInjector+, which is an extension of an earlier prototype developed by us in prior work. This improved tool can attack (i.e. test) any web application that uses a MySQL‐compatible database management system. We evaluate our revised approach and improved prototype tool in a case study comprising of different kinds of web applications to which SQLi is a potential security threat. The case study contains the well‐known verification framework WAVSEP among other five real‐world web applications and one web application firewall. Our generated attack vectors, constructed via combinatorial methods applied to our improved and dynamically optimized attack grammars, are capable of injecting every known vulnerable endpoint in WAVSEP and also of finding new vulnerable parameters in some of the real‐world applications investigated in this paper. Our approach performs equally well or better when compared with existing state‐of‐art of SQL injection security testing tools (sqlmap, w3af, wapiti and fuzzdb) across all tested web applications in the case study.

computer science, software engineering

Sandeep Nair Narayanan,Alwyn Roshan Pais,Radhesh Mohandas

DOI: https://doi.org/10.1007/978-3-642-22786-8_13

2011-01-01

Abstract:SQL injection vulnerability is a kind of injection vulnerability in which the database server is forced to execute some illicit operations by crafting specific inputs to the web server. Even though this vulnerability has had it’s presence for several years now, most of its popular mitigation techniques are based on safe coding practices, which are neither applicable to the existing applications, nor are application independent. Here we propose a new application logic independent solution to prevent SQL injection attacks which can be applicable to any dynamic web technology. The new solution detects SQL injection by considering the semantic variance between the queries generated by the query function with safe inputs and injection inputs. We have implemented the complete solution in ASP.NET with C# web applications using a custom written tool, SIAP, which patches the SQL Injection vulnerabilities in an existing web application by instrumenting the binaries.