The Detection and Defense Mechanism for SQL Injection Attack Based on Web Application

The Detection and Defense Mechanism for SQL Injection Attack Based on Web Application

연구 분야: Databases

학회: 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC)

In view of the risk of SQL injection attack faced by the Web system, this paper proposes a SQL injection attack detection mechanism based on triangle module operator. The method uses the analysis results of web logs and user input as fusion operators to judge whether an attack occurs. At the same time, for the defense against SQL injection attack, this paper believes that the source code vulnerability testing, penetration testing and security configuration verification should be conducted before the Web system goes online, therefore it can improve the security of the information system.