Proceedings of the 2015 5th International Conference on Computer Sciences and Automation Engineering

A Defense Model against SQL Injection Based on Parameterized Queries

Authors
Kuan Song, Hua Zhang
Corresponding Author
Kuan Song
Available Online February 2016.
DOI
10.2991/iccsae-15.2016.95How to use a DOI?
Keywords
SQL injection; parameterized queries; defense model; web application security.
Abstract

The SQL injection attack is one of the topmost threats for web applications. Most previously proposed methods for detecting SQL injection attacks suffer from false positives and false negatives. This paper describes a defense model against SQL injection based on parameterized queries. Results show that our method has improvement on accuracy and efficiency.

Copyright
© 2016, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 2015 5th International Conference on Computer Sciences and Automation Engineering
Series
Advances in Computer Science Research
Publication Date
February 2016
ISBN
10.2991/iccsae-15.2016.95
ISSN
2352-538X
DOI
10.2991/iccsae-15.2016.95How to use a DOI?
Copyright
© 2016, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Kuan Song
AU  - Hua Zhang
PY  - 2016/02
DA  - 2016/02
TI  - A Defense Model against SQL Injection Based on Parameterized Queries
BT  - Proceedings of the 2015 5th International Conference on Computer Sciences and Automation Engineering
PB  - Atlantis Press
SP  - 515
EP  - 518
SN  - 2352-538X
UR  - https://doi.org/10.2991/iccsae-15.2016.95
DO  - 10.2991/iccsae-15.2016.95
ID  - Song2016/02
ER  -