Research Article

Safe Guard Anomalies against SQL Injection Attacks

by Romil Rawat, Chandrapal Singh Dangi, Jagdish Patil
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 22 - Number 2
Year of Publication: 2011
Authors: Romil Rawat, Chandrapal Singh Dangi, Jagdish Patil
10.5120/2558-3511

Romil Rawat, Chandrapal Singh Dangi, Jagdish Patil. Safe Guard Anomalies against SQL Injection Attacks. International Journal of Computer Applications. 22, 2 (May 2011), 11-14. DOI=10.5120/2558-3511

@article{10.5120/2558-3511,
author = {Romil Rawat and Chandrapal Singh Dangi and Jagdish Patil},
title = {Safe Guard Anomalies against SQL Injection Attacks},
journal = {International Journal of Computer Applications},
issue_date = {May 2011},
volume = {22},
number = {2},
month = {May},
year = {2011},
issn = {0975-8887},
pages = {11-14},
numpages = {4},
url = {https://ijcaonline.org/archives/volume22/number2/2558-3511/},
doi = {10.5120/2558-3511},
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A Romil Rawat
%A Chandrapal Singh Dangi
%A Jagdish Patil
%T Safe Guard Anomalies against SQL Injection Attacks
%J International Journal of Computer Applications
%@ 0975-8887
%V 22
%N 2
%P 11-14
%D 2011
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The internet is served by web applications; a web application is built from syntax, semantics, code and design; code and design rest on algorithms; and algorithms are governed by protective techniques and rules. As internet technologies have advanced, the vulnerabilities have advanced with them. Many older procedures, library functions, coding idioms and design patterns are still in use that are vulnerable to attack and, if used, can be easily traced and exploited by an attacker. Such vulnerable practices should be prohibited in organisations, companies and government sectors, and secure-coding guidelines should be issued and strictly followed. In this paper we identify coding flaws on different platforms and propose solutions for them.
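As an added illustration of the abstract's point about old practices and their secure replacements (example code written for this page, not the paper's own), the block below contrasts the string-concatenation style of building a login query with a parameterised query, the standard fix for SQL injection. It runs offline against an in-memory SQLite database; the users table, the sample accounts, the clear-text passwords and the attack string are all constructed for the example and are not taken from the paper.

```python
import sqlite3

# Constructed sample data for this example (not from the paper). Passwords are
# stored in clear text only so the bypass is easy to see; real code stores hashes.
SAMPLE_USERS = [
    ("alice", "correct horse"),
    ("bob", "hunter2"),
    ("o'brien", "pw"),  # a legitimate name that happens to contain a quote
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The old practice: splice untrusted input straight into the SQL text.

    The database cannot tell where the programmer's query ends and the
    attacker's input begins, so quotes and comment markers in the input
    change the meaning of the statement.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The fix: a parameterised query.

    The SQL text is fixed and the values are bound separately as data, so no
    input can alter the structure of the statement.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run both versions against legitimate and hostile input."""
    conn = make_db()
    # Constructed attack string: closes the username literal, appends a
    # tautology, and comments out the password check that follows it.
    attack = "' OR '1'='1' --"
    results = {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        "wrong_password_safe": login_safe(conn, "alice", "guess"),
        "attack_vulnerable": login_vulnerable(conn, attack, "anything"),
        "attack_safe": login_safe(conn, attack, "anything"),
        "quote_name_safe": login_safe(conn, "o'brien", "pw"),
    }
    # Concatenation also breaks on honest input containing a quote character:
    # the spliced statement is no longer valid SQL.
    try:
        results["quote_name_vulnerable"] = login_vulnerable(conn, "o'brien", "pw")
    except sqlite3.OperationalError:
        results["quote_name_vulnerable"] = "syntax error"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the attack string the concatenated query becomes `... WHERE username = '' OR '1'='1' --' AND password = 'anything'`, which matches every row and logs the attacker in without a password; the parameterised query treats the same string as a literal username and rejects it. The `o'brien` case shows that concatenation is also a correctness bug, not only a security one.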

Index Terms

Computer Science
Information Sciences

Keywords

SQL Injection, Database Security, Authentication, HTTP