
Dbissuesconclusion

Uploaded by

api-233324921
Copyright
© Attribution Non-Commercial (BY-NC)

IV. CONCLUSION
In this paper, we have presented a survey and comparison of current techniques for detecting and preventing SQLIAs. To perform this evaluation, we first identified the various types of SQLIAs known to date. We then evaluated the considered techniques in terms of their ability to detect and/or prevent such attacks. We also studied the different mechanisms through which SQLIAs can be introduced into an application and identified which techniques were able to handle which mechanisms. Lastly, we summarized the deployment requirements of each technique and evaluated to what extent its detection and prevention mechanisms could be fully automated.

Our evaluation found several general trends in the results. Many of the techniques have problems handling attacks that take advantage of poorly coded stored procedures and cannot handle attacks that disguise themselves using alternate encodings. We also found a general distinction in prevention abilities based on the difference between prevention-focused and general detection and prevention techniques. Data analysis and findings suggest that this difference could be explained by the fact that prevention-focused techniques try to incorporate defensive coding best practices into their attack prevention mechanisms.

Future evaluation work should focus on evaluating the techniques' precision and effectiveness in practice. Empirical evaluations such as those presented in related work would allow for comparing the performance of the different techniques when they are subjected to real-world attacks and legitimate inputs.
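The two trends noted above (detectors missing alternately encoded input, and defensive coding holding up regardless) can be seen in a small added example, which is not from the paper. It assumes a constructed signature list, a constructed `users` table, percent-encoding as the only alternate encoding, and an application that decodes input before building its query.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed signature list standing in for a pattern-matching detector.
SIGNATURES = [re.compile(p, re.I) for p in (r"'\s*or\s", r"--", r"\bunion\b")]

# Constructed inputs: one tautology, percent-encoded once and twice.
ENCODED_ONCE = "x%27%20OR%20%271%27%3D%271"
ENCODED_TWICE = "x%2527%2520OR%2520%25271%2527%253D%25271"


def raw_detect(value):
    """Signature match on the input as received, with no decoding."""
    return any(sig.search(value) for sig in SIGNATURES)


def canonicalize(value, max_rounds=5):
    """Percent-decode until the value stops changing (handles nested encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def canonical_detect(value):
    """Signature match on the canonical form the application will actually use."""
    return raw_detect(canonicalize(value))


def make_db():
    """Constructed in-memory table with two rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db


def lookup_concat(db, name):
    """'Before' form: input is spliced into the SQL text."""
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()


def lookup_bound(db, name):
    """Defensive-coding form: input is bound as data, never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
```

The detector only flags the encoded inputs once it matches against the canonical form, while the bound query returns no rows for them whether or not any detector runs.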
