SQL injection attacks have been rated as the most dangerous vulnerability of web-based systems for more than a decade by the OWASP Top Ten. Though different static, runtime and hybrid approaches have been proposed to counter SQL injection attacks, no single approach guarantees flawless prevention/detection of these attacks. Hundreds of components of open source and commercial software products are reported to the CVE repository as vulnerable to SQL injection every year. In this mapping study, we identify different existing approaches in terms of the cost of computation and protection offered. We found that most of the existing techniques claim to offer protection based on testing on a very small or limited scale. This study dissects each proposed approach, highlights its strengths and weaknesses, and categorizes the approaches based on the underlying technology used to detect or counter the injection attacks.
In recent years, Wireless Sensor Networks (WSNs) research has been carried out with the goals of achieving high security and energy efficiency. In a WSN, sensor nodes are vulnerable to physical attacks because they are deployed in an open environment. An attacker can use these vulnerabilities to inject a false report into the network. F. Ye et al. proposed statistical en-route filtering to prevent false report injection attacks. In order to use their scheme effectively, techniques for determining thresholds using fuzzy logic have been studied. To apply these techniques to the network effectively, an appropriate update period should be set according to the network environment. In this paper, we propose a security period update method in order to improve the lifetime of the network in the statistical en-route filtering approach, based on a wireless sensor network in a cluster environment. The experimental results show that an improvement in energy efficiency of up to 11.96% can be achieved when the security threshold is set to the optimal period.