A Structured Analysis of SQL Injection Runtime Mitigation Techniques
|Title:||A Structured Analysis of SQL Injection Runtime Mitigation Techniques|
|Authors:||Conte de Leon, Daniel|
|Issue Date:||04 Jan 2017|
|Abstract:||SQL injection attacks (SQLIA) remain one of the most commonly occurring and exploited vulnerabilities. A considerable amount of research concerning SQLIA mitigation techniques has been conducted, with the primary resulting solution requiring developers to code defensively. Although defensive coding is a valid solution, the current market demand for websites is being filled by inexperienced developers with little knowledge of secure development practices. Unlike the successful case of ASLR, no SQLIA runtime mitigation technique has moved from research to enterprise use. This paper presents an in-depth analysis and classification, based on Formal Concept Analysis, of the 10 major SQLIA runtime mitigation techniques. Based on this analysis, one technique was identified that shows the greatest potential for transition to enterprise use. This analysis also serves as an enhanced SQLIA mitigation classification system. Future work includes plans to move the selected SQLIA runtime mitigation technique closer to enterprise use.|
|Rights:||Attribution-NonCommercial-NoDerivatives 4.0 International|
|Appears in Collections:||Supply Chain Security and Mutual Trust Research Minitrack|