Visible to the public Research on SQL Injection Attack and Prevention Technology Based on Web

TitleResearch on SQL Injection Attack and Prevention Technology Based on Web
Publication TypeConference Paper
Year of Publication2019
AuthorsMa, Limei, Zhao, Dongmei, Gao, Yijun, Zhao, Chen
Conference Name2019 International Conference on Computer Network, Electronic and Automation (ICCNEA)
Date Publishedsep
Keywordsapplication security risks, B/S mode application development, Collaboration, component, data protection, database management systems, database query code, database security attack, database security protection technology, Databases, Human Behavior, Information filters, Injection attack, Metrics, policy-based governance, Prevention Technology, privacy, pubcrawl, query processing, resilience, Resiliency, security of data, Servers, SQL, SQL detection, SQL Injection, SQL injection attack, Structured Query Language, user input data legitimacy, web
AbstractThis SQL injection attack is one of the common means for hackers to attack database. With the development of B/S mode application development, more and more programmers use this mode to write applications. However, due to the uneven level and experience of programmers, a considerable number of programmers do not judge the legitimacy of user input data when writing code, which makes the application security risks. Users can submit a database query code and get some data they want to know according to the results of the program. SQL injection attack belongs to one of the means of database security attack. It can be effectively protected by database security protection technology. This paper introduces the principle of SQL injection, the main form of SQL injection attack, the types of injection attack, and how to prevent SQL injection. Discussed and illustrated with examples.
DOI10.1109/ICCNEA.2019.00042
Citation Keyma_research_2019