Research on Countermeasure of SQL Injection Attack

  • Hong, Sunghyuck (Division of ICT, Information Security Major, Baekseok University)
  • Received: 2019.08.30
  • Reviewed: 2019.10.20
  • Published: 2019.10.28

Abstract

In today's information society, making use of data is indispensable, and databases are used to manage vast amounts of it. In practice, most of the data held in a database is the personal information of a group's members. Because personal information is sensitive, the role of the database administrator who manages it is important. However, attacks on databases that aim to misuse this personal information are increasing. SQL Injection is one of the best-known and oldest hacking techniques. It is known as an easy attack to carry out, and its countermeasures are also easy; web pages that require a lot of logins make considerable efforts to avoid SQL attacks, yet some sites are still vulnerable to them. This study therefore analyzes cases of SQL hacking techniques and suggests effective defense measures, contributing to preventing web hacking and providing a secure information and communication environment.
