The following information was submitted:
Transactions: WSEAS TRANSACTIONS ON COMPUTERS
Transactions ID Number: 53-363
Full Name: Shanmughaneethi Velu
Position: Assistant Professor
Age: ON
Sex: Male
Address: Computer Centre, NITTTR, Taramani, Chennai -113
Country: INDIA
Tel: 044-22545458
Tel prefix:
Fax:
E-mail address: shanneethi@nitttrc.ac.in
Other E-mails:
Title of the Paper: SQLID-LWS: Preventing SQL Injection Vulnerabilities through Layered Web Services
Authors as they appear in the Paper: V.Shanmughaneethi, K.Arun Prabhu, D.G. Sudharsan, S.Swamynathan
Email addresses of all the authors: shanneethi@nitttrc.ac.in, kapmsd@gmail.com, dgsudharsan@gmail.com, swamyns@annauniv.edu
Number of paper pages: 11
Abstract: Providing a secure service in web applications is becoming a real challenge in web security. Among the various kinds of software vulnerabilities, command injection is the most common threat in web applications. In command injection, SQL injection type of attacks are extremely more prevalent, and it is a common form of attack in the web. SQL injection attacks involve the construction of application's input data that will result in the execution of malicious SQL statements. Most of the SQL injection detection techniques involve writing the code along with the actual scripting. However, these techniques do not detect errors in SQL statements. This paper, therefore attempts to provide a mechanism (SQLID-LWS) that will identify any invalid non SQL key words. This mechanism will also customize the captured errors. This proposed mechanism is different from others, in that, it will separate from the main scripting code. This suggested injection detections code can be impl!
emented in web services.
Keywords: Web security, SQL injection, Web Service, Tautology, Query Engine, XML Schema, Piggybacking.
EXTENSION of the file: .doc
Special (Invited) Session:
Organizer of the Session:
How Did you learn about congress: Command Injection in Web application Security
IP ADDRESS: 202.54.130.119
