Preventing SQL injection attacks by automatic parameterizing of raw queries using lexical and semantic analysis methods

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

Dolatnezhad Samarin S.; AMINI M.

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: Scientia Iranica Year:2019 | Volume:26 | Issue:6 (Special Issue on: Transactions D: Computer Science & Engineering and Electrical Engineering) Page(s): 3469-3484

Download Full-Text

View:

241

Download:

232

Cites:

Information Journal Paper

Title

Preventing SQL injection attacks by automatic parameterizing of raw queries using lexical and semantic analysis methods

Author(s)

Dolatnezhad Samarin S. | AMINI M. | Issue Writer Certificate

Keywords

Database security

SQL Injection (SQLI)

Intrusion detection and prevention

Parameterized query

Semantic analysis

Abstract

SQL injection (SQLI) is one of the most important security threats against web applications. Many tech-niques have been proposed for counteracting SQLI attacks; however, second-order attacks and the injection attacks that are raising data-type mismatch errors have been ignored in most of them. In this paper, we propose a new anomaly-based method (deploying as a proxy between the application server and its database server) for detection and/or prevention of SQLI attacks without requiring any modi cation to the source code of vulnerable applications. The majority of attacks, which lead to a change in the syntax of applica-tion queries, are identi ed in the detection phase by lexical analysis of the queries. The remained types of attacks, such as second-order attacks and attacks generating data type mismatch errors, are prevented to be executed in the prevention phase, where each query is automatically converted to a Parameterized query (before submitting to its database) using a Semantic analysis method.

Multimedia

No record.

Cites

No record.

References

No record.

Cite

APA: Copy

Dolatnezhad Samarin, S., & AMINI, M.. (2019). Preventing SQL injection attacks by automatic parameterizing of raw queries using lexical and semantic analysis methods. SCIENTIA IRANICA, 26(6 (Special Issue on: Transactions D: Computer Science & Engineering and Electrical Engineering)), 3469-3484. SID. https://sid.ir/paper/290882/en

Vancouver: Copy

Dolatnezhad Samarin S., AMINI M.. Preventing SQL injection attacks by automatic parameterizing of raw queries using lexical and semantic analysis methods. SCIENTIA IRANICA[Internet]. 2019;26(6 (Special Issue on: Transactions D: Computer Science & Engineering and Electrical Engineering)):3469-3484. Available from: https://sid.ir/paper/290882/en

IEEE: Copy

S. Dolatnezhad Samarin, and M. AMINI, “Preventing SQL injection attacks by automatic parameterizing of raw queries using lexical and semantic analysis methods,” SCIENTIA IRANICA, vol. 26, no. 6 (Special Issue on: Transactions D: Computer Science & Engineering and Electrical Engineering), pp. 3469–3484, 2019, [Online]. Available: https://sid.ir/paper/290882/en

Related Journal Papers

No record.

Related Seminar Papers

No record.

Related Plans

No record.

Recommended Workshops