We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 November 2024
Call for Paper
December Edition
IJCA solicits high quality original research papers for the upcoming December edition of the journal. The last date of research paper submission is 20 November 2024

Submit your paper
Know more
The week's pick
Responsive image
An Efficient Restoration Method for the Faint Dot Matrix Images

Ao Zhu Peng Cao
Random Articles
Reseach Article

A Survey on Authentication Mechanism against SQL Injection in XML

by Preshika Tiwari, Ashish Kumar Srivastava
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 78 - Number 7
Year of Publication: 2013
Authors: Preshika Tiwari, Ashish Kumar Srivastava
10.5120/13501-1249

Preshika Tiwari, Ashish Kumar Srivastava . A Survey on Authentication Mechanism against SQL Injection in XML. International Journal of Computer Applications. 78, 7 ( September 2013), 22-25. DOI=10.5120/13501-1249

@article{ 10.5120/13501-1249,
author = { Preshika Tiwari, Ashish Kumar Srivastava },
title = { A Survey on Authentication Mechanism against SQL Injection in XML },
journal = { International Journal of Computer Applications },
issue_date = { September 2013 },
volume = { 78 },
number = { 7 },
month = { September },
year = { 2013 },
issn = { 0975-8887 },
pages = { 22-25 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume78/number7/13501-1249/ },
doi = { 10.5120/13501-1249 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:50:59.410271+05:30
%A Preshika Tiwari
%A Ashish Kumar Srivastava
%T A Survey on Authentication Mechanism against SQL Injection in XML
%J International Journal of Computer Applications
%@ 0975-8887
%V 78
%N 7
%P 22-25
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

SQL Injection Attacks (SQLIAs) are very serious intrusion attacks on database driven web application because such attacks can lacks the confidentiality and integrity (security) of data (information) in databases. In reality, unauthorized person intrudes to the web database and then after accordingly, enter in the data. To prevent this type of attack various approaches are proposed by analysts but they are not sufficient because most of implementing techniques will not stop all types of attacks. This paper presents the different kinds of SQL Injection attacks on the web based XML data and on the various present SQLIAs prevention techniques . This paper shows the existing SQLIAs prevention techniques which will demand the client side data, one by one and then validate Which will make typical the developer's job to write various different validation codes for each data page which is receiving in the server side. This paper reviewed the various security threats and XML database and analyze the available security mechanism to protect against the above attacks. This paper also presents the various research scopes in XML SQLIAs.

References
  1. Rafael Bosse brinhhosa, Carla Merkle Westphall and Carlos Becker Westphall,"Proposal and development of the web services input validation model" 978-1-4673-0269-2/12/$31. 00@2012 IEEE.
  2. Atefeh Tajpour, Maslin Massrum and Mohammad zaman Heydari. "Comparison of SQL Injection detection and prevention techniques," in proceeding of 2nd international conference on education technology and computer(ICETC)
  3. Christian mainka,juraj somorovsky and jorg schwenk,"Penetrating testing tool for web services security,"2012 IEEE eighth world conference on services
  4. P. Bisht, P. Madhusudan, and V. N. Venkratakrishnan, "CANDID: dy- namic candidate evaluations for automatic prevention of SQL injection attacks," ACM Trans. Inf. Syst. Secure. , vol. 13, no. 2, pp. 1–39, 2010.
  5. K. Kemalis and T. Tzouramanis, "SQL-ids: a speci?cation-based approach for SQL-injection detection," in Proceedings of the 2008 ACM symposium on Applied computing, sir. SAC '08. ACM, 2008, pp. 2153–2158.
  6. S. Bandhakavi, P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan, "Candid: preventing SQL injection attacks using dynamic candidate valuations," in Proceedings of the 14th ACM Conference on Compute and communications security, sir. CCS '07, 2007, pp. 12–24.
  7. X. Jin and S. L. Osborn, "Architecture for data collection in database intrusion detection systems," in Proceedings of the 4th VLDB conference on Secure data management, sir. SDM'07, 2007, pp. 96–107.
  8. Y. -W. Huang, S. -K. Huang, T. -P. Lin, and C. -H. Tsai, "Web application security assessment by fault injection and behavior monitoring," in Proceedings of the 12th international conference on World Wide Web,ser. WWW '03, 2003, pp. 148–159.
  9. G. Wassermann, C. Gould, Z. Su, and P. Devanbu, "Static checking of dynamically generated queries in database applications," ACM Trans. Softw. Eng. Methodol. , vol. 16, no. 4, Sep. 2007.
  10. G. Wassermann and Z. Su, "An analysis framework for security in web applications," in In Proceedings of the FSE Workshop on Speci?cation and Veri?cation of Component-Based Systems (SAVCBS 2004, 2004, pp. 70–78).
  11. X. Fu and K. Qian, "Safeli: Sql injection scanner using symbolic execution," in Proceedings of the 2008 workshop on Testing, analysis, and veri?cation of web services and applications, ser. TAV-WEB '08, 2008, pp. 34–39.
  12. G. Buehrer, B. W. Weide, and P. A. G. Sivilotti, "Using parse tree validation to prevent sql injection attacks," in Proceedings of the 5th international workshop on Software engineering and middleware, ser. SEM '05, 2005, pp. 106–113.
  13. Z. Su and G. Wassermann, "The essence of command injection attacks in web applications," SIGPLAN Not. , vol. 41, no. 1, pp. 372–382, Jan. 2006.
  14. W. G. J. Halfond and A. Orso, "Amnesia: analysis and monitoring for neutralizing sql-injection attacks," in Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering, ser. ASE '05, 2005, pp. 174–183.
  15. Diallo Abdoulaye Kindy and Al-Sakib Khan Pathan,"A survey on SQL injection:vulnerabilities,attacks and prevention techniques," in 2011 IEEE 15th international symposium on consumer electronics.
Index Terms

Computer Science
Information Sciences

Keywords

SQL Injection XML Stored Procedure.

Powered by PhDFocusTM