The week's pick
Reseach Article
Preventing SQL Injection Attacks
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 52 - Number 13 |
| Year of Publication: 2012 |
| Authors: Asha. N, M. Varun Kumar, Vaidhyanathan.g |
10.5120/8264-1809
|
Asha. N, M. Varun Kumar, Vaidhyanathan.g . Preventing SQL Injection Attacks. International Journal of Computer Applications. 52, 13 ( August 2012), 28-32. DOI=10.5120/8264-1809
Abstract
With the recent rapid increase in web based applications that employ back-end database services, results show that SQL Injection and Remote File Inclusion are the two frequently used exploits rather than using other complicated techniques. With the rise in use of web applications, SQL injection based attacks are gradually increasing and is now one of the most common attacks in the internet. It allows an attacker to gain control over the database of an application, thereby able to read and alter confidential data. This paper illustrates few different forms of SQL injection and based on observation, it is seen that SQL Injection is interpreted differently on different databases. Finally, an effective solution is proposed for the prevention of these kinds of injection attacks, in such a way that it is independent of the underlying platform and database. Two levels of user authentication has been proposed in this method, SQL based authentication and an XML based authentication, and has been found to be very effective in preventing such attacks.
References
- Mehdi Kiani, Andrew Clark and George , "Evaluation of Anomaly Based Character Distribution Models in the Detection of SQL Injection Attacks". The Third International Conference on Availability, Reliability and Security,0-7695-3102-4/08, 2008 IEEE.
- V. Shanmughaneethi, C. Emilin Shyni and Dr. S. Swamynathan, "SBSQLID: Securing Web Applications with Service Based SQL Injection Detection" 2009 International Conference on Advances in Computing, Control, and Telecommunication Technologies, 978-0-7695-3915-7/09, 2009 IEEE
- R. Ezumalai, G. Aghila, "Combinatorial Approach for Preventing SQL Injection Attacks", 2009 IEEE International Advance Computing Conference (IACC 2009) Patiala, India, 6-7 March 2009.
- Yuji Kosuga, Kenji Kono, Miyuki Hanaoka, Hiyoshi Kohoku-ku, Yokohama, Miho Hishiyama, Yu Takahama, Kaigan Minato-ku, "Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection" 23rd Annual Computer Security Applications Conference, 2007, 1063-9527/07, 2007 IEEE
- Ke Wei, M. Muthuprasanna, Suraj Kothari, "Preventing SQL Injection Attacks in Stored Procedures". Proceedings of the 2006 Australian Software Engineering Conference (ASWEC'06).
- NTAGW ABIRA Lambert, KANG Song Lin, "Use of Query Tokenization to detect and prevent SQL Injection Attacks", 978-1-4244-5540-9/10/2010 IEEE.
- Prof (Dr. ) Sushila, Madan Supriya Madan, "Shielding Against SQL Injection Attacks Using ADMIRE Model", 2009 First International Conference on Computational Intelligence, Communication Systems and Networks, 978-0-7695-3743-6/09 2009 IEEE
- A S Yeole, B B Meshram, "Analysis of Different Technique for Detection of SQL Injection", International Conference and Workshop on Emerging Trends in Technology (ICWET 2011) – TCET, Mumbai, India, ICWET'11, February 25–26, 2011, Mumbai, Maharashtra, India. 2011 ACM.
- Kai-Xiang Zhang, Chia-Jun Lin, Shih-Jen Chen, Yanling Hwang, Hao-Lun Huang, and Fu-Hau Hsu, "TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks", First International Conference on Robot, Vision and Signal Processing, IEEE, 2011.
Index Terms
Keywords