SQL注入检测和防范技术的比较外文文献翻译英文原文（可编辑）.docVIP

SQL注入检测和防范技术的比较外文文献翻译英文原文 201O 2nd International Conforence on Education Technology and Computer ICETC Comparison of SQL Injection Detection and Prevention Techniques Atefeh Tajpour Center for Advanced Software Engineering University Technology Malaysia Kuala Lumpur, Malaysia tajpour81sn@yahoo Maslin Massrum Center for Advanced Software Engineering University Technology Malaysia Kuala Lumpur, Malaysia maslin@//0. Mohammad Zaman Heydari IT Management Dep UCSI University Kuala Lumpur, Malaysia mz_heydari@yahoo Abstract-Database driven web application are threaten by SQL Injection Attacks SQLIAs because this type of attack can compromise confidentiality and integrity of information in databases. Actually, an attacker intrudes to the web application database and consequently, access to data. For stopping this type of attack different approaches have been proposed by researchers but they are not enough because most of implemented approaches cannot stop all type of attacks. In this paper all type of SQL injection attack and also different techniques which can detect or prevent them are presented. Finally we evaluate these approaches against all types of SQL injection attacks. Keyword: SQL Injection Attacks, detection, prevention. which usually are open in firewalls. On the other hand, most lOSs focus on the network and IP layers whereas SQLIAs work at application layer. Researchers have proposed a range of techniques and tools to help developers to compensate the shortcoming of the defensive coding [7, 8, 11]. The problem is that some current techniques and tools are impractical in reality because they could not address all attack types or have not been implemented yet. Also some of them need to modify web application code or additional infrastructures. However, the main aim of this paper is to introduce all types of SQL injection attacks and evaluate current approaches which can detect or prevent them. The paper is organized as follows. In section