A Structured Analysis of SQL Injection Runtime Mitigation Techniques

File: paper0356.pdf
Size: 1.41 MB
Format: Adobe PDF

Item Summary

Title: A Structured Analysis of SQL Injection Runtime Mitigation Techniques
Authors: Steiner, Stu; Conte de Leon, Daniel; Alves-Foss, Jim
Date Issued: 04 Jan 2017
Abstract: SQL injection attacks (SQLIA) still remain one of the most commonly occurring and exploited vulnerabilities. A considerable amount of research concerning SQLIA mitigation techniques has been conducted with the primary resulting solution requiring developers to code defensively. Although defensive coding is a valid solution, the current market demand for websites is being filled by inexperienced developers with little knowledge of secure development practices. Unlike the successful case of ASLR, no SQLIA runtime mitigation technique has moved from research to enterprise use. This paper presents an in-depth analysis and classification, based on Formal Concept Analysis, of the 10 major SQLIA runtime mitigation techniques. Based on this analysis, one technique was identified that shows the greatest potential for transition to enterprise use. This analysis also serves as an enhanced SQLIA mitigation classification system. Future work includes plans to move the selected SQLIA runtime mitigation technique closer to enterprise use.
Pages/Duration: 9 pages
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Supply Chain Security and Mutual Trust Research Minitrack

This item is licensed under a Creative Commons License.