You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Network Security

Network Security White Papers

Application Layer Intrusion Detection for SQL Injection

Tags:
network security

Overview SQL injection attacks potentially affect all applications, especially web applications, that utilize a database backend. While these attacks are generally against the applications and not the database directly, there are some techniques that can be deployed to mitigate the risk at the database server. Database intrusion detection systems are often based on signatures of known exploits and honey tokens, traps set in the database. This paper examines the threat from SQL injection attacks, the reasons traditional database access control is not sufficient to stop them, and some of the techniques used to detect them. Moreover, it proposes a model for an anomalous SQL detector which observes the database traffic from the perspective of the database server itself.

Further White Paper Details
Publisher	Association for Computing Machinery	File Format	PDF
Date Published	March 2006
Format	White Papers
Topics	Network Security, Security Tools, Intrusion Detection Systems

Did you find this white paper useful? 3 out of 6 users found this white paper useful

Balancing Security Against Productivity

Publisher:
Novell

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

County Government Increases the Security of Its Network

Publisher:
Microsoft

Memorial Manufacturer Streamlines Order Processing, Assures Network Security

Publisher:
Microsoft

Security experts warn of massive hack attack

Peapod contacted most major anti-virus and intrusion detection vendors late last week to alert them to the dangers of Investigator 2.0, but by Monday only two had replied. Ryan explained: "Most other Trojan Horses, like BackOrifice, create a...

Channel:
Security Strategy

Top ten tips to stop internal hackers

Implement architectural features to isolate, minimise and monitor internal user access abuses such as using packet sniffers to monitor internal traffic and host and/or a network-based intrusion detection system to identify internally-based attacks.

Channel:
Security Strategy

KPMG: Watch out for VoIP risks

One example of a DoS attack is repeatedly sending a hang-up command to each handset, which is difficult to detect or prevent. Without adequate risk management, VoIP implementations can result in reputation damage, a negative impact on customer...

Channel:
IP

The biggest VoIP security threats - and how to stop them

Good network practice, such as changing login defaults and using firewalls, can help mitigate the impact of these attacks. Users immediately detect a drop-off in service quality and ultimately their IP handsets stop working.

Malicious code getting harder to spot

Another alternative is Exploit Prevention Labs' LinkScanner, which monitors traffic going into a PC and blocks known exploits. Furthermore, a new toolkit called NeoSploit identifies the browser and is packed with security exploits to launch the...

Web 2.0 threat looms

XSS is one of the top 10 web application vulnerabilities identified by the Open Web Application Security Project (OWASP), along with injection attacks and malicious file execution. Most security threats that affect web 2.0 are not new.

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Network Security White Papers

Application Layer Intrusion Detection for SQL Injection

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific