“Demonstrating a Tool for Injection Attack Prevention in MySQL”


Ibéria Medeiros, Nuno Ferreira Neves, Miguel Beatriz, Miguel Correia

in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Jun. 2017.

Abstract: Despite the significant efforts put in building more secure web applications, cases of high impact breaches continue to appear. Vulnerabilities in web applications are often created due to inconsistencies in the way SQL queries are believed to be run and the way they are actually executed by a Database Management System (DBMS). This paper presents a demonstration of SEPTIC, a mechanism that detects and blocks injection attacks inside the DBMS. The demonstration considers a scenario of a non-trivial PHP web application, backed by a MySQL DBMS, which was modified to include SEPTIC. It presents how SEPTIC blocks injection attacks without compromising the application correctness and performance. In addition, SEPTIC is compared to alternative approaches, such as sanitizations carried out with standard functions provided by the language and a web application firewall.


Project(s): Project:SEGRID

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
