A Java Source-code SQL Injection Attack Detection Algorithm Based on Static Analysis
Authors
Tian Wang, Lihao Wei, Hong Zou
Corresponding Author
Tian Wang
Available Online November 2012.
- DOI
- 10.2991/citcs.2012.167
- Keywords
- static analysis; SQL injection attack; abstract syntax tree.
- Abstract
This paper studies methods of SQL injection attack detection and the principle of static analysis scanning, and presents a Java source-code SQL injection attack detection algorithm. The detection algorithm includes these steps: lexical analysis of the source code, parsing of the source code, constructing the abstract syntax tree of the source code, defining rules, traversing the abstract syntax tree, tracking problems, detecting possible paths of SQL injection attack, etc. Test results show that the detection algorithm proposed in this paper performs perfectly and has a higher recognition rate.
- Copyright
- © 2012, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Tian Wang
AU - Lihao Wei
AU - Hong Zou
PY - 2012/11
DA - 2012/11
TI - A Java Source-code SQL Injection Attack Detection Algorithm Based on Static Analysis
BT - Proceedings of the 2012 National Conference on Information Technology and Computer Science
PB - Atlantis Press
SP - 653
EP - 655
SN - 1951-6851
UR - https://doi.org/10.2991/citcs.2012.167
DO - 10.2991/citcs.2012.167
ID - Wang2012/11
ER -