Runtime monitors to detect and prevent union query based SQL injection attacks


Web applications are increasingly used in recent years to provide online services such as banking, shopping, social networking, etc. These applications operate with sensitive user information and hence there is a high need for assuring their confidentiality, integrity, and availability. Existing pre-deployment testing techniques, tools, and methodologies do not assure complete analysis, execution and testing of all possible behaviors of the software. This causes the software to sometimes behave differently than what it was designed for during its post-deployment. Such a deviation in the system's behavior, also termed as "Software Anomaly," is mostly due to external attacks such as Path Traversal Attacks, SQL Injection Attacks, etc., that in turn affect confidential user information stored in the application. In this paper, we present and evaluate a framework called Runtime Monitoring Framework to handle union query based SQL Injection Attacks. © 2013 IEEE.

Publication Title

Proceedings of the 2013 10th International Conference on Information Technology: New Generations, ITNG 2013