Corpus ID: 5969227

A Classification of SQL-Injection Attacks and Countermeasures

@inproceedings{Halfond2006ACO,
  title={A Classification of SQL-Injection Attacks and Countermeasures},
  author={William G. J. Halfond and J. Viegas and A. Orso},
  year={2006}
}

William G. J. Halfond, J. Viegas, A. Orso

Published 2006

Computer Science

SQL injection attacks pose a serious security threat to Web applications: they allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive information these databases contain. [...] Key Method For each type of attack, we provide descriptions and examples of how attacks of that type could be performed. We also present and analyze existing detection and prevention techniques against SQL injection attacks. For each technique, we discuss its strengths…Expand Abstract

Share This Paper

592 Citations

Highly Influential Citations

59

Background Citations

270

Methods Citations

102

Figures, Tables, and Topics from this paper

Figures and Tables

Analysis of SQL Injection Attack

Jayeeta Majumder, G. Saha
2012

A Survey Of Sql Injection Countermeasures

R. P. Mahapatra, Subi Khan
Computer Science
2012

6
PDF

Preventing SQL injection Attacks Using Cryptography Methods

D. S. Kumar, D. A. Rahman
2015

1
PDF

Prevention of SQL Injection Attacks using RC4 and Blowfish Encryption Techniques

3

Detection and Prevention of SQL Injection attack

M. Kumar, L. Indu
2014

9
PDF

An Overview to SQL Injection Attacks and its Countermeasures

V. S. Patil, G. R. Bamnote
Computer Science
2014

1

A Weight-Based Symptom Correlation Approach to SQL Injection Attacks

M. Ficco, L. Coppolino, L. Romano
Computer Science
2009 Fourth Latin-American Symposium on Dependable Computing
2009

22

SQL Injection: The Longest Running Sequel in Programming History

M. Horner, Thomas Hyslip
Computer Science
J. Digit. Forensics Secur. Law
2017

1
PDF

SQL Injection Detection and Prevention Using Input Filter Technique

Shruti Bangre, Alka Jaiswal
Computer Science
2012

9
PDF

Detecting and Defeating SQL Injection Attacks

Sangita Roy, A. Singh, A. S. Sairam
Computer Science
2011

15
PDF

‹
1
2
3
4
5
›

References

SHOWING 1-10 OF 59 REFERENCES

SORT BY

Defending Against Injection Attacks Through Context-Sensitive String Evaluation

T. Pietraszek, C. V. Berghe
Computer Science
RAID
2005

363
PDF

Combining static analysis and runtime monitoring to counter SQL-injection attacks

William G. J. Halfond, A. Orso
Computer Science
WODA '05
2005

102
PDF

AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks

William G. J. Halfond, A. Orso
Computer Science
ASE '05
2005

598
PDF

SQLrand: Preventing SQL Injection Attacks

S. Boyd, A. Keromytis
Computer Science
ACNS
2004

440
PDF

SQL Injection: Modes of attack, defence, and why it matters

S. McDonald
Engineering
2002

44

Using parse tree validation to prevent SQL injection attacks

Gregory Buehrer, B. Weide, P. Sivilotti
Computer Science
SEM '05
2005

418
PDF

Web application security assessment by fault injection and behavior monitoring

Yao-Wen Huang, Shih-Kun Huang, Tsung-Po Lin, C. Tsai
Computer Science
WWW '03
2003

367
PDF

Abstracting application-level web security

D. Scott, R. Sharp
Computer Science
WWW '02
2002

291
PDF

A Learning-Based Approach to the Detection of SQL Attacks

Fredrik Valeur, D. Mutz, G. Vigna
Computer Science
DIMVA
2005

312
PDF

An Analysis Framework for Security in Web Applications

Gary Wassermann, Z. Su
Computer Science
2004

100
PDF

‹
1
2
3
4
5
›