Research Article

SQL Injection Attack Vulnerabilities of Web Application and Detection

by S M Sarwar Mahmud, Taofica Amrine, Muhammad Anwarul Azim
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Number 38
Year of Publication: 2023
Authors: S M Sarwar Mahmud, Taofica Amrine, Muhammad Anwarul Azim
10.5120/ijca2023923192

S M Sarwar Mahmud, Taofica Amrine, Muhammad Anwarul Azim. SQL Injection Attack Vulnerabilities of Web Application and Detection. International Journal of Computer Applications. 185, 38 (Nov 2023), 41-48. DOI=10.5120/ijca2023923192

@article{ 10.5120/ijca2023923192,
author = { S M Sarwar Mahmud, Taofica Amrine, Muhammad Anwarul Azim },
title = { SQL Injection Attack Vulnerabilities of Web Application and Detection },
journal = { International Journal of Computer Applications },
issue_date = { Nov 2023 },
volume = { 185 },
number = { 38 },
month = { Nov },
year = { 2023 },
issn = { 0975-8887 },
pages = { 41-48 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume185/number38/32942-2023923192/ },
doi = { 10.5120/ijca2023923192 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:28:08.750394+05:30
%A S M Sarwar Mahmud
%A Taofica Amrine
%A Muhammad Anwarul Azim
%T SQL Injection Attack Vulnerabilities of Web Application and Detection
%J International Journal of Computer Applications
%@ 0975-8887
%V 185
%N 38
%P 41-48
%D 2023
%I Foundation of Computer Science (FCS), NY, USA
Abstract

SQL injection in database-driven web applications is a severe security risk. Using this injection attack, an attacker can steal potentially sensitive information and access the application's underlying database. A successful SQL injection attack can destroy, lose, or steal confidential data, vandalize websites, and grant unauthorized access to systems or accounts. Individual devices or large networks can be compromised. The objective of this work is to build a dataset of SQL injection payloads for web applications and to analyze it in order to predict the vulnerability accurately, thereby providing a practical approach for vulnerability assessment and penetration testers that helps ensure accurate results. This paper discusses a new method for detecting SQL injection using the proposed payloads and presents a Web Application Firewall developed to reduce SQL injection attacks. With the help of these proposed payloads, the Web Application Firewall was greatly improved and reduced SQL injection attacks effectively.

Index Terms

Computer Science
Information Sciences

Keywords

Injection Attack, SQL Injection, Web Application, Web Application Firewall, Open Web Application Security Project, Payloads, Penetration Testing, Vulnerability Assessment