Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/41505

A Structured Analysis of SQL Injection Runtime Mitigation Techniques

File: paper0356.pdf (1.41 MB, Adobe PDF)

Item Summary

Title: A Structured Analysis of SQL Injection Runtime Mitigation Techniques
Authors: Steiner, Stu; Conte de Leon, Daniel; Alves-Foss, Jim
Keywords: injection; SQL; web
Issue Date: 04 Jan 2017
Abstract: SQL injection attacks (SQLIA) still remain one of the most commonly occurring and exploited vulnerabilities. A considerable amount of research concerning SQLIA mitigation techniques has been conducted, with the primary resulting solution requiring developers to code defensively. Although defensive coding is a valid solution, the current market demand for websites is being filled by inexperienced developers with little knowledge of secure development practices. Unlike the successful case of ASLR, no SQLIA runtime mitigation technique has moved from research to enterprise use. This paper presents an in-depth analysis and classification, based on Formal Concept Analysis, of the 10 major SQLIA runtime mitigation techniques. Based on this analysis, one technique was identified that shows the greatest potential for transition to enterprise use. This analysis also serves as an enhanced SQLIA mitigation classification system. Future work includes plans to move the selected SQLIA runtime mitigation technique closer to enterprise use.
Pages/Duration: 9 pages
URI/DOI: http://hdl.handle.net/10125/41505
ISBN: 978-0-9981331-0-2
DOI: 10.24251/HICSS.2017.349
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Supply Chain Security and Mutual Trust Research Minitrack


