Preventing SQLIA using ORM Tool with HQL

Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao. Published in Databases

International Journal of Applied Information Systems
Year of Publication: 2016
Publisher: Foundation of Computer Science (FCS), NY, USA
Authors: Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao
DOI: 10.5120/ijais2016451600

Citation: Siddhesh Bhagat, R R Sedamkar and Prachi Janrao. Preventing SQLIA using ORM Tool with HQL. International Journal of Applied Information Systems 11(4):44-47, September 2016.

BibTeX:

    @article{10.5120/ijais2016451600,
    	author = "Siddhesh Bhagat and R. R Sedamkar and Prachi Janrao",
    	title = "Preventing SQLIA using ORM Tool with HQL",
    	journal = "International Journal of Applied Information Systems",
    	issue_date = "September 2016",
    	volume = 11,
    	number = 4,
    	month = "Sep",
    	year = 2016,
    	issn = "2249-0868",
    	pages = "44-47",
    	numpages = 4,
    	url = "http://www.ijais.org/archives/volume11/number4/937-2016451600",
    	doi = "10.5120/ijais2016451600",
    	publisher = "Foundation of Computer Science (FCS), NY, USA",
    	address = "New York, USA"
    }
    

Abstract

Web-based systems nowadays follow a 3-tier architecture for the implementation of enterprise applications. But these applications are more prone to security breaches and loss of the confidential information stored in the database. One of the more serious attacks is known as Structured Query Language Injection (SQLI). This attack retrieves data without leaving any trace behind. This paper proposes an efficient solution, the Object Relational Mapping (ORM) technique, applied to this kind of attack in a novel way. ORM maps the table structure to corresponding objects and uses those objects to retrieve data instead of getting data directly from the database. Therefore it creates an indirect barrier against firing SQL queries, preventing direct access to the database. In addition, the ORM methodology satisfies the desired criterion of loose coupling while coding.
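The barrier the abstract describes holds only when the HQL text itself stays constant and user input is bound as a parameter; HQL assembled by string concatenation is translated to SQL just as faithfully, and remains injectable. The following illustration is added here and is not code from the paper; it assumes Hibernate 5.x (`javax.persistence` annotations) and a constructed `User` entity with the `users` table, `username` and `role` columns.

```java
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;
import org.hibernate.Session;

// Constructed entity for the example (assumed names; not from the paper).
// Hibernate maps the "users" table onto User objects, as the abstract describes,
// so application code works with objects rather than hand-written SQL.
@Entity
@Table(name = "users")
public class User {
    @Id
    private Long id;
    private String username;
    private String role;

    public Long getId() { return id; }
    public String getUsername() { return username; }
    public String getRole() { return role; }
}

class UserRepository {
    private final Session session;

    UserRepository(Session session) { this.session = session; }

    // Still vulnerable: the ORM does not help when the HQL string is assembled
    // from raw input. A quote character in `username` ends the literal and the
    // rest of the input becomes query syntax (HQL injection), which Hibernate
    // translates into the generated SQL unchanged.
    List<User> findByUsernameUnsafe(String username) {
        String hql = "from User u where u.username = '" + username + "'";
        return session.createQuery(hql, User.class).getResultList();
    }

    // Hardened: the HQL text is a constant and the input is bound to a named
    // parameter, so it reaches the database as a value, never as query syntax.
    List<User> findByUsername(String username) {
        return session
            .createQuery("from User u where u.username = :username", User.class)
            .setParameter("username", username)
            .getResultList();
    }
}
```

A code review or static-analysis rule that flags any `createQuery` argument built by concatenation catches the unsafe form regardless of which ORM is in use.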

Keywords

T-SQL, ORM, LDAP SQLIA, FCD, SSC, HQL, MIS, CBS