Abstract
|
Despite the significant efforts put in building more secure web applications, cases of high impact breaches continue to appear. Vulnerabilities in web applications are often created due to inconsistencies in the way SQL queries are believed to be run and the way they are actually executed by a Database Management System (DBMS).
This paper presents a demonstration of SEPTIC, a mechanism that detects and blocks injection attacks inside the DBMS. The demonstration considers a scenario of a non-trivial PHP web application, backed by a MySQL DBMS, which was modified to include SEPTIC. It presents how SEPTIC blocks injection attacks without compromising the application correctness and performance. In addition, SEPTIC is compared to alternative approaches, such as sanitizations carried out with standard functions provided by the language and a web application firewall.
|
Author
|
Ibéria Medeiros, Nuno Ferreira Neves, Miguel Beatriz, Miguel Correia
|
Booktitle
|
Proceedings of the International Conference on Dependable Systems and Networks (DSN).
|
Document
|
Document for Publication-DSN 2017.pdf
|
Key
|
DSN 2017
|
Month
|
jun
|
NumPubDate
|
2017.06
|
Project
|
Project:SEGRID
|
ResearchLine
|
Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
|
Title
|
Demonstrating a Tool for Injection Attack Prevention in MySQL
|
Type
|
inproceedings
|
Year
|
2017
|
Has improper value for
|
Url
|
Categories |
Publication
|
Modification date
|
9 September 2017 17:50:16
|