INJECTION ATTACK
Nguyen Van Cuong
Outline
Introduction
Some popular methods
A new approach
Introduction
Amnesia ok ok ok ok fail ok ok
mentioned approaches:
errors can be detected only at runtime
hidden error or blocking valid queries
models: tightly fit to the applications
REFERENCES
3. William G.J. Halfond, Alessandro Orso. WASP: Preventing SQL injection attacks using AMNESIA [online]. New York, ACM New York; May 2006.
URL: http://dl.acm.org.ezproxy.metropolia.fi/citation.cfm?id=1134285.1134416&coll=DL&dl=ACM&CFID=636147638&CFTOKEN=79427405. Accessed 12 March 2015.
4. William G.J. Halfond, Jeremy Viegas, Alessandro Orso. A Classification of SQL Injection Attacks and Countermeasures [online]. Atlanta, Georgia Institute of Technology.
URL: http://www.cc.gatech.edu/fac/Alex.Orso/papers/halfond.viegas.orso.ISSSE06.pdf. Accessed 12 March 2015.
5. Z. Lashkaripour, A. Ghaemi Bafghi. A Simple and Fast Technique for Detection and Prevention of SQL Injection Attacks (SQLIAs) [online]. International Journal of Security and Its Applications, Vol.7, No.5 (2013), pp.53-66.
URL: http://www.sersc.org/journals/IJSIA/vol7_no5_2013/5_2.pdf. Accessed 12 March 2015.
THANK YOU!