Volume 5, Issue 3 (9-2013)                   2013, 5(3): 55-62




Tajpour A, Ibrahim S I. A Framework for Evaluation of SQL Injection Detection and Prevention Tools. International Journal of Information and Communication Technology Research 2013; 5(3): 55-62
URL: http://ijict.itrc.ac.ir/article-1-153-en.html
Abstract:

A SQL injection attack (SQLIA) is a hacking technique in which the attacker adds Structured Query Language code (SQL statements) through a web application's input fields or hidden parameters to access the resources. Through SQL injection, an attacker gains access to the web application's underlying database and destroys its functionality and/or confidentiality. Researchers have proposed different techniques to detect and prevent this vulnerability. In this paper we present the types of SQL injection attack and the current security tools that detect or prevent this attack, and compare the tools with each other. Finally, we propose a framework for evaluating SQL injection detection or prevention tools on common criteria. This paper thus provides researchers with information about current tools and helps security officers choose suitable SQL injection detection tools for their web application security.

Type of Study: Research | Subject: Information Technology


Rights and permissions
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.