http://dx.doi.org/10.15207/JKCS.2019.10.10.021

Research on Countermeasure of SQL Injection Attack  

Hong, Sunghyuck (Division of ICT, Information Security Major, Baekseok University)
Publication Information
Journal of the Korea Convergence Society / v.10, no.10, 2019, pp. 21-26
Abstract
In today's information society, the use of data is indispensable, and databases are used to manage large amounts of it. In practice, most of the data in a database is the personal information of a group of members. Because personal information is sensitive, the role of the database administrator who manages it is important. However, a growing number of attacks on databases aim to use this personal information maliciously. SQL injection is one of the oldest and best-known hacking techniques. SQL injection attacks are known to be easy to carry out, and countermeasures are also easy; a lot of effort goes into preventing SQL attacks on web pages that require many logins, yet some sites are still vulnerable. Therefore, this study suggests effective defense measures through an analysis of SQL hacking cases and contributes to preventing web hacking and providing a secure information and communication environment.
Keywords
SQL Injection; Filtering Bypass; Stored Procedure; Error Message; Prepared Statement;
Citations & Related Records
Times Cited By KSCI: 7