Evaluating the Modsecurity Web Application Firewall Against SQL Injection Attacks | IEEE Conference Publication | IEEE Xplore

Abstract:

SQL injection attacks target the databases of web servers. The ability to modify, update, retrieve and delete database contents imposes a high risk on any website in different sectors. In this paper, we investigate the efforts made in the literature to detect and prevent SQL injection attacks. We also assess the efficiency of the ModSecurity web application firewall in preventing SQL injection attacks.
Date of Conference: 15-16 December 2020
Date Added to IEEE Xplore: 01 February 2021
Conference Location: Cairo, Egypt

1. Introduction

Web applications have the advantage of being publicly accessible from anywhere in the world, and their services are available to almost anyone. A large amount of information is distributed daily through web applications; it can include private and confidential data, which is stored in the database of the web server along with other data specific to the website itself.
