Obfuscation-based analysis of SQL injection attacks
In this paper, we propose an obfuscation/deobfuscation based technique to detect the
presence of possible SQL Injection Attacks (SQLIA) in a query before submitting it to a
DBMS. This technique combines static and dynamic analysis. In the static phase, the queries
in the application are replaced by queries in obfuscated form. The main idea behind
obfuscation is to isolate all the atomic formulas from other control elements of the query.
During the dynamic phase, the user inputs are merged into the obfuscated atomic formulas …
presence of possible SQL Injection Attacks (SQLIA) in a query before submitting it to a
DBMS. This technique combines static and dynamic analysis. In the static phase, the queries
in the application are replaced by queries in obfuscated form. The main idea behind
obfuscation is to isolate all the atomic formulas from other control elements of the query.
During the dynamic phase, the user inputs are merged into the obfuscated atomic formulas …
In this paper, we propose an obfuscation/ deobfuscation based technique to detect the presence of possible SQL Injection Attacks (SQLIA) in a query before submitting it to a DBMS. This technique combines static and dynamic analysis. In the static phase, the queries in the application are replaced by queries in obfuscated form. The main idea behind obfuscation is to isolate all the atomic formulas from other control elements of the query. During the dynamic phase, the user inputs are merged into the obfuscated atomic formulas, and the dynamic verifier analysis the presence of possible SQLIA at atomic formula level. Finally, a deobfuscation step is performed to recover the original query before submitting it to the DBMS.
ieeexplore.ieee.org
以上显示的是最相近的搜索结果。 查看全部搜索结果