CFP last date
20 January 2025
Reseach Article

A Study of SQL of Injections Techniques and their Prevention Methods

by Yash Tiwari, Mallika Tiwari
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 114 - Number 17
Year of Publication: 2015
Authors: Yash Tiwari, Mallika Tiwari
10.5120/20072-2007

Yash Tiwari, Mallika Tiwari . A Study of SQL of Injections Techniques and their Prevention Methods. International Journal of Computer Applications. 114, 17 ( March 2015), 31-33. DOI=10.5120/20072-2007

@article{ 10.5120/20072-2007,
author = { Yash Tiwari, Mallika Tiwari },
title = { A Study of SQL of Injections Techniques and their Prevention Methods },
journal = { International Journal of Computer Applications },
issue_date = { March 2015 },
volume = { 114 },
number = { 17 },
month = { March },
year = { 2015 },
issn = { 0975-8887 },
pages = { 31-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume114/number17/20072-2007/ },
doi = { 10.5120/20072-2007 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:53:03.582586+05:30
%A Yash Tiwari
%A Mallika Tiwari
%T A Study of SQL of Injections Techniques and their Prevention Methods
%J International Journal of Computer Applications
%@ 0975-8887
%V 114
%N 17
%P 31-33
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Rapid evolution of technology and increasing necessity of storing data and securing it as well gave rise to various techniques to secure it along with the new innovative malicious techniques to have a hazardous impact on the organization by wrecking the database and manipulating data. In this paper we have presented various techniques that are being used by such attackers called sql injections and their prevention methods these attacks are targeted towards web applications using databases and are injected through the input fields meant for taking information such as username or password. Such codes injected combines with the already present sql code and form a query that solves the purposes of the attacker if vulnerable to such attacks.

References
  1. Atefeh Tajpour, Maslin Massrum and Mohammad zaman Heydari. "Comparison of SQL Injection detection and prevention techniques," in proceeding of 2nd international conference on education technology and computer(ICETC)
  2. C Anley. Advanced SQL Injection in SQL ServerApplications. White Paper Next Generation Security Software Ltd. , 2002. http://www. nextgenss. com/papers/advanced sql injection. pdf
  3. M. Howard and D Le Blane. Writing Secure Code. MicrosoftPress, Redmond, Washington, second edition, 2003.
  4. S. McDoland. SQL Injection. Modes of Attack, defence andwhy it matters. White paper, GovernmentSecurity. org, April 2002.
  5. Asha. N,M. Varun Kumar,Vaidhyanathan. G of Anomaly Based Character Distribution Models in the,"Preventing SQL Injection Attacks", International Journal of Computer Applications (0975 – 8887) Volume 52– No. 13, August 2012
  6. A brief introduction for sql injections and vulnerabilities are described in the website of W3resources. http://www. w3resource. com/sql/sql-injection/sql-injection. php
  7. C. Anley. Advanced sql injection in sql server applications. http://www. nextgenss. com/papers/advanced_sql_injection. pdf.
  8. Xiang Fu, Kai Qian. SAFELI-SQL Injection Scanner Using Symbolic Execution. Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications. ACM(2008).
  9. S. W. Boyd and A. D. Keromytis. Sqlrand: Preventing sql injection attacks. ACNS, 2004.
  10. Y. -W. Huang, S. -K. Huang, T. -P. Lin, and C. -H. Tsai,"Web application security assessment by fault injection and behavior monitoring," in Proceedings of the 12th international conference on World Wide Web,ser. WWW'03, 2003, pp. 148–159.
  11. Diallo Abdoulaye Kindyand Al-Sakib Khan Pathan,"A survey on SQL injection:vulnerabilities,attacks and prevention techniques," in 2011 IEEE 15thinternational symposium on consumer electronics.
  12. M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press,Redmond, Washington, second edition, 2003
Index Terms

Computer Science
Information Sciences

Keywords

Sql injection data security inference tautology.