Skip to main content
Conference ProceedingsOPEN ACCESS

Client-side detection of SQL injection attack

Lecture Notes in Business Information Processing (2013) 148 LNBIP 512-517
DOI: 10.1007/978-3-642-38490-5_46
5Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Despite the development of many server-side approaches, SQL Injection (SQLI) vulnerabilities are still widely reported. A complementary approach is to detect the attack from the client-side (browser). This paper presents a client-side approach to detect SQLI attacks. The client-side accepts shadow SQL queries from the server-side and checks any deviation between shadow queries with dynamic queries generated with user supplied inputs. We propose four conditional entropy metrics to measure the deviation between the shadow query and dynamic query. We evaluate the approach with an open source PHP application. The results indicate that our approach can detect malicious inputs early at the client-side. © 2013 Springer-Verlag.

Author supplied keywords

Cite

CITATION STYLE

APA

Shahriar, H., North, S., & Chen, W. C. (2013). Client-side detection of SQL injection attack. In Lecture Notes in Business Information Processing (Vol. 148 LNBIP, pp. 512–517). Springer Verlag. https://doi.org/10.1007/978-3-642-38490-5_46

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free