Raveshi et al. - Google Patents
Investigation and Analysis of SQL Injection Attacks on Web Applications: Survey
Raveshi et al.
- Document ID
- 1018088880975626255
- Author
- Raveshi Z
- Idate S
- Publication venue
- International Journal of Engineering and Advanced Technology (IJEAT) ISSN
Snippet
SQL injection attacks are a serious security threat to Web applications. They allow attackers to gain unrestricted access to the databases underlying the applications and to retrieve sensitive information from databases. Many researchers and practitioners have proposed …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2127—Bluffing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US8146135B2 (en) | Establishing and enforcing security and privacy policies in web-based applications | |
US7051366B1 (en) | Evidence-based security policy manager | |
US8341104B2 (en) | Method and apparatus for rule-based masking of data | |
US8181221B2 (en) | Method and system for masking data | |
US8146165B2 (en) | Method and apparatus for providing a data masking portal | |
Al-Khurafi et al. | Survey of web application vulnerability attacks | |
US20070226783A1 (en) | User-administered single sign-on with automatic password management for web server authentication | |
US9722973B1 (en) | System and method to anonymize data transmitted to a destination computing device | |
US20070011742A1 (en) | Communication information monitoring apparatus | |
US8499170B1 (en) | SQL injection prevention | |
Das et al. | An approach to detection of SQL injection attack based on dynamic query matching | |
Shanmugam et al. | A solution to block cross site scripting vulnerabilities based on service oriented architecture | |
Medhane | Efficient solution for SQL injection attack detection and prevention | |
Jovičić et al. | Common web application attack types and security using asp. net | |
Raveshi et al. | Investigation and Analysis of SQL Injection Attacks on Web Applications: Survey | |
Asha et al. | Preventing sql injection attacks | |
Nabi | Designing a framework method for secure business application logic integrity in e-commerce systems | |
Mishra et al. | A REVIEW ON SQL INJECTION, DETECTION AND PREVENTIONS TECHNIQUES | |
Luong | Intrusion detection and prevention system: SQL-injection attacks | |
US20020144157A1 (en) | Method and apparatus for security of a network server | |
Landsmann et al. | Web application security: A survey of prevention techniques against sql injection | |
Mishra et al. | XML-Based Authentication to Handle SQL Injection | |
Pandey | Securing web applications from application-level attack | |
Swarup et al. | Web Vulnerability Scanner (WVS): A Tool for detecting Web Application Vulnerabilities | |
Halde | SQL Injection analysis, Detection and Prevention |