SQL Injection Defense Mechanisms for IIS+ASP+MSSQL Web Applications
نویسنده
چکیده
With the sharp increase of hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written and used in the wild. This paper analyzes the principle of SQL injection attacks on Web sites, presents methods available to prevent IIS+ASP+MSSQL web applications from these kinds of attacks, including secure coding within the web application, proper database configuration, deployment of IIS and other security techniques. The result is verified by WVS report.
منابع مشابه
SQLPrevent: Effective dynamic detection and prevention of SQL injection
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs). This approach (1) is resistant to evasion techniques, such as hexadecimal encoding or inline comment, (2) does not require analysis or modification of the application source code, (3) does not require modification of the runtime envi...
متن کاملRetrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks
This paper presents an approach for retrofitting existing Web applications with run-time protection against known, as well as unseen, SQL injection attacks (SQLIAs) without the involvement of application developers. The precision of the approach is also enhanced with a method for reducing the rate of false positives in the SQLIA detection logic, via runtime discovery of the developers’ intentio...
متن کاملEfficient Design of Static Analysis Tool for Detecting Web Vulnerabilities
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error prone and costly, the need for automated solutions has become evident. Many web applications written in ASP suffer from injection vulnerabil...
متن کاملCommon web application attack types and security using ASP.NET
Web applications security is one of the most daunting tasks today, because of security shift from lower levels of ISO OSI model to application level, and because of current situation in IT environment. ASP.NET offers powerful mechanisms to render these attacks futile, but it requires some knowledge of implementing Web application security. This paper focuses on attacks against Web applications,...
متن کاملReliability Testing of Applications on Windows NT
The DTS (Dependability Test Suite) fault injection tool can be used to (1) obtain fault injection-based evaluation of system reliability, (2) compare the reliability of different applications, fault tolerance middleware, and platforms, and (3) provide feedback to improve the reliability of the target applications, fault tolerance middleware, and platforms. This paper describes the architecture ...
متن کامل