2nd International ICST Workshop on e-Forensics Law and Judicial

Research Article

SQL Injection Defense Mechanisms for IIS+ASP+MSSQL Web Applications

  • @INPROCEEDINGS{10.1007/978-3-642-23602-0_25,
        author={Beihua Wu},
        title={SQL Injection Defense Mechanisms for IIS+ASP+MSSQL Web Applications},
        proceedings={2nd International ICST Workshop on e-Forensics Law and Judicial},
        proceedings_a={E-FORENSICSLAW},
        year={2012},
        month={10},
        keywords={SQL Injection Web sites Security Cybercrime},
        doi={10.1007/978-3-642-23602-0_25}
    }
    
  • Beihua Wu
    Year: 2012
    SQL Injection Defense Mechanisms for IIS+ASP+MSSQL Web Applications
    E-FORENSICSLAW
    Springer
    DOI: 10.1007/978-3-642-23602-0_25
Beihua Wu1,*
  • 1: East China University of Political Science and Law
*Contact email: wubeihua@ecupl.edu.cn

Abstract

With the sharp increase in hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written about and used in the wild. This paper analyzes the principle of SQL injection attacks on Web sites and presents methods available to protect IIS+ASP+MSSQL web applications from these kinds of attacks, including secure coding within the web application, proper database configuration, deployment of IIS, and other security techniques. The result is verified by a WVS report.