Browse wiki

From Navigators

Jump to: navigation, search
Publication:DSN 2017
Abstract Despite the significant efforts put in bui Despite the significant efforts put in building more secure web applications, cases of high impact breaches continue to appear. Vulnerabilities in web applications are often created due to inconsistencies in the way SQL queries are believed to be run and the way they are actually executed by a Database Management System (DBMS). This paper presents a demonstration of SEPTIC, a mechanism that detects and blocks injection attacks inside the DBMS. The demonstration considers a scenario of a non-trivial PHP web application, backed by a MySQL DBMS, which was modified to include SEPTIC. It presents how SEPTIC blocks injection attacks without compromising the application correctness and performance. In addition, SEPTIC is compared to alternative approaches, such as sanitizations carried out with standard functions provided language and a web application firewall. d language and a web application firewall.
Author Ibéria Medeiros + , Nuno Ferreira Neves + , Miguel Beatriz + , Miguel Correia +
Booktitle Proceedings of the International Conference on Dependable Systems and Networks (DSN).  +
Document Document for Publication-DSN 2017.pdf +
Key DSN 2017  +
Month jun  +
NumPubDate 2,017.06  +
Project Project:SEGRID +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
Title Demonstrating a Tool for Injection Attack Prevention in MySQL  +
Type inproceedings  +
Year 2017  +
Has improper value forThis property is a special property in this wiki. Url  +
Categories Publication  +
Modification dateThis property is a special property in this wiki. 9 September 2017 17:50:16  +
hide properties that link here 
  No properties link to this page.
 

 

Enter the name of the page to start browsing from.
Views
Personal tools
Toolbox
Navigators toolbox