Preventing SQL injections in online applications: Study, recommendations and Java solution prototype based on the SQL DOM
-
- Author(s) / Creator(s)
-
SQL Injection Attacks are a relatively recent threat to the confidentiality, integrity and availability of online applications and their technical infrastructure, accounting for nearly a fourth of web vulnerabilities. In this paper, based on a master's thesis and numerous references therein, we present our study on the prevention of SQL Injections: an overview of proposed approaches and existing solutions, and recommendations on preventive coding techniques for Java-powered web applications and other environments. Then, we review McClure’s SQL DOM approach for the prevention of SQL Injections in object-oriented applications. We also present our solution for Java-based online applications, SQLDOM4J, which is freely based on the SQL DOM but attempts to address some of our criticisms toward it, and evaluate its performance.
-
- Date created
- 2008-01-01
-
- Subjects / Keywords
-
- Type of Item
- Research Material