Journal title: International Journal of Advanced Research In Computer Science and Software Engineering
Print ISSN: 2277-6451
Electronic ISSN: 2277-128X
Publication year: 2013
Volume: 3
Issue: 6
Publisher: S.S. Mishra
Abstract: SQL Injection Prevention Using Tokenization: A model based exclusively on a tokenization technique is used to prevent SQL Injection Attacks (SQLIA) by blocking the malicious input query in the query execution phase. The SQL Injection Prevention Using Tokenization model detects SQLIA by applying a tokenization process to the input query. Tokenization is performed by detecting spaces, single quotes, double dashes, etc. This process converts the input query into useful tokens, and these tokens are then converted into a hierarchical form. After tokenization, the model validates each token by analyzing the values of the left and right children of the individual token. As soon as an SQLIA is detected, the model permanently blocks the input query. The model seems to be able to detect and prevent all types of SQL Injection Attacks and is not trapped in the case of appended set operators and additional-query attacks. It increases database security and helps maintain the confidentiality of sensitive data in web applications.
Keywords: SQL Injection Prevention; SQLIA; Tokenization etc.