CFP last date
15 April 2024
Reseach Article

Preventing SQLIA using ORM Tool with HQL

by Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 11 - Number 4
Year of Publication: 2016
Authors: Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao
10.5120/ijais2016451600

Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao . Preventing SQLIA using ORM Tool with HQL. International Journal of Applied Information Systems. 11, 4 ( Sep 2016), 44-47. DOI=10.5120/ijais2016451600

@article{ 10.5120/ijais2016451600,
author = { Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao },
title = { Preventing SQLIA using ORM Tool with HQL },
journal = { International Journal of Applied Information Systems },
issue_date = { Sep 2016 },
volume = { 11 },
number = { 4 },
month = { Sep },
year = { 2016 },
issn = { 2249-0868 },
pages = { 44-47 },
numpages = {9},
url = { https://www.ijais.org/archives/volume11/number4/938-2016451600/ },
doi = { 10.5120/ijais2016451600 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2023-07-05T19:04:08.401736+05:30
%A Siddhesh Bhagat
%A R. R Sedamkar
%A Prachi Janrao
%T Preventing SQLIA using ORM Tool with HQL
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 11
%N 4
%P 44-47
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Web based systems nowadays follow 3-tier architecture for implementation of enterprise application. But these applications are more prone to security breach and loss of confidential information stored in database. One of the more serious attacks is known as Structured Query Language Injection (SQLI). This attack retrieves data without leaving any trace behind. This paper proposes an efficient solution called Object Relational Mapping technique for such kind of attack in a novel way. ORM maps the table architecture with corresponding Objects and uses those objects to retrieve data instead of getting data directly from database . Therefore it creates a indirect barrier from firing SQL query preventing direct access to database. In addition ORM Methodology satisfies desired criteria of loose coupling while coding.

References
  1. Nuno Antunes and Marco Vieira. Detecting SQL Injection vulnerabilities in web services. IEEE,2009.
  2. Kai-Xiang Zhang, Chia-Jun Lin Engineering, Shih-Jen Chen, Inst Yanling, Hao-Lun Huang, Fu-Hau Hsu Computer Science & Info. Engineering TransSQL:"A Translation and Validation-based Solution for SQL-Injection Attacks";, 2011 First International Conference on Robot, Vision and Signal Processing
  3. Mehdi Kiani, Andrew Clark and George Mohay,"Evaluation of Anomaly Based Character Distribution Models in the Detection of SQL Injection Attacks", The Third International Conference on Availability, Reliability and Security
  4. NTAGWA BIRA Lambert,KANG Song Lin,"Use of Query Tokenization to detect and prevent SQL Injection Attacks";,IEEE2010.
  5. William G. J. Halfond, Alessandro Orso, Member, IEEE Computer Society, and Panagiotis Manolios,"WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation", Member, IEEE Computer Society IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 34, NO. 1, JANUARY/FEBRUARY 2008.
  6. Ke Wei, M. Muthuprasanna, Suraj Kothari,"Preventing SQL Injection Attacks in Stored Procedures", Proceedings of the 2006 Australian Software Engineering Conference (ASWEC:06) 1530-0803© 2006 IEEE.
  7. C. Anley. Advanced SQL Injection In SQL Server Applications. White paper, Next Generation Security Software Ltd. , 2002.
  8. W. Halfond and A. Orso, "Combining Static Analysis and Runtime Monitoring to Counter SQL-Injection Attacks," Proceeding of the Third International ICSE Workshop on Dynamic Analysis (WODA 2005), 2005.
  9. J Saltzer and M. Schroeder, "The Protection of Information in Computer Systems," Proc. Fourth ACM Symp. Operating System Principles, Oct. 1973.
  10. Ramya Dharam and Sajjan G. Shiva,"Runtime Monitors for Tautology based SQL Injection Attacks",ICS 2002.
  11. Y. Xie and A. Aiken, "Static Detection of Security Vulnerabilities in Scripting Languages," Proc. 15th Usenix Security Symp. , Aug. 2006.
  12. C. Anley, "Advanced SQL Injection In SQL Server Applications," white paper, Next Generation Security Software, 2002.
  13. J. C. Anderson & D. W. Gerbing. "Structural equation modeling in practice: A review and recommended two-step approach". Psychological Bulletin, vol. 103, no. 3, pp. 411-423. 1988.
Index Terms

Computer Science
Information Sciences

Keywords

T-SQL ORM LDAP SQLIA FCD SSC HQL MIS CBS