A Study of SQL of Injections Techniques and their Prevention Methods

Yash Tiwari; Mallika Tiwari

Call for Paper

January Edition

IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper

Know more

The week's pick

Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen

Random Articles

Object Detection System using Arduino and Android Application for Visually Impaired People

Sep

2018

Geometric Mean based Algorithm for Prioritizing Processors on Cloud Environment

June

2015

A COBIT5 Framework for IoT Risk Management

Jul

2017

Texture based Emotion Recognition from Facial Expressions using Support Vector Machine

October

2013

Reseach Article

A Study of SQL of Injections Techniques and their Prevention Methods

by Yash Tiwari, Mallika Tiwari

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 114 - Number 17

Year of Publication: 2015

Authors: Yash Tiwari, Mallika Tiwari

10.5120/20072-2007

Yash Tiwari, Mallika Tiwari . A Study of SQL of Injections Techniques and their Prevention Methods. International Journal of Computer Applications. 114, 17 ( March 2015), 31-33. DOI=10.5120/20072-2007

@article{ 10.5120/20072-2007,

author = { Yash Tiwari, Mallika Tiwari },

title = { A Study of SQL of Injections Techniques and their Prevention Methods },

journal = { International Journal of Computer Applications },

issue_date = { March 2015 },

volume = { 114 },

number = { 17 },

month = { March },

year = { 2015 },

issn = { 0975-8887 },

pages = { 31-33 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume114/number17/20072-2007/ },

doi = { 10.5120/20072-2007 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-06T22:53:03.582586+05:30

%A Yash Tiwari

%A Mallika Tiwari

%T A Study of SQL of Injections Techniques and their Prevention Methods

%J International Journal of Computer Applications

%@ 0975-8887

%V 114

%N 17

%P 31-33

%D 2015

%I Foundation of Computer Science (FCS), NY, USA

Abstract

Rapid evolution of technology and increasing necessity of storing data and securing it as well gave rise to various techniques to secure it along with the new innovative malicious techniques to have a hazardous impact on the organization by wrecking the database and manipulating data. In this paper we have presented various techniques that are being used by such attackers called sql injections and their prevention methods these attacks are targeted towards web applications using databases and are injected through the input fields meant for taking information such as username or password. Such codes injected combines with the already present sql code and form a query that solves the purposes of the attacker if vulnerable to such attacks.

References

Atefeh Tajpour, Maslin Massrum and Mohammad zaman Heydari. "Comparison of SQL Injection detection and prevention techniques," in proceeding of 2nd international conference on education technology and computer(ICETC)
C Anley. Advanced SQL Injection in SQL ServerApplications. White Paper Next Generation Security Software Ltd. , 2002. http://www. nextgenss. com/papers/advanced sql injection. pdf
M. Howard and D Le Blane. Writing Secure Code. MicrosoftPress, Redmond, Washington, second edition, 2003.
S. McDoland. SQL Injection. Modes of Attack, defence andwhy it matters. White paper, GovernmentSecurity. org, April 2002.
Asha. N,M. Varun Kumar,Vaidhyanathan. G of Anomaly Based Character Distribution Models in the,"Preventing SQL Injection Attacks", International Journal of Computer Applications (0975 – 8887) Volume 52– No. 13, August 2012
A brief introduction for sql injections and vulnerabilities are described in the website of W3resources. http://www. w3resource. com/sql/sql-injection/sql-injection. php
C. Anley. Advanced sql injection in sql server applications. http://www. nextgenss. com/papers/advanced_sql_injection. pdf.
Xiang Fu, Kai Qian. SAFELI-SQL Injection Scanner Using Symbolic Execution. Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications. ACM(2008).
S. W. Boyd and A. D. Keromytis. Sqlrand: Preventing sql injection attacks. ACNS, 2004.
Y. -W. Huang, S. -K. Huang, T. -P. Lin, and C. -H. Tsai,"Web application security assessment by fault injection and behavior monitoring," in Proceedings of the 12th international conference on World Wide Web,ser. WWW'03, 2003, pp. 148–159.
Diallo Abdoulaye Kindyand Al-Sakib Khan Pathan,"A survey on SQL injection:vulnerabilities,attacks and prevention techniques," in 2011 IEEE 15thinternational symposium on consumer electronics.
M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press,Redmond, Washington, second edition, 2003

Index Terms

Computer Science

Information Sciences

Keywords

Sql injection data security inference tautology.