CFP last date
15 April 2024
Reseach Article

Analysis of Detection and Prevention of Various SQL Injection Attacks on Web Applications

by Nanhay Singh, Khushal Singh, Ram Shringar Raw
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 2 - Number 7
Year of Publication: 2012
Authors: Nanhay Singh, Khushal Singh, Ram Shringar Raw
10.5120/ijais12-450372

Nanhay Singh, Khushal Singh, Ram Shringar Raw . Analysis of Detection and Prevention of Various SQL Injection Attacks on Web Applications. International Journal of Applied Information Systems. 2, 7 ( May 2012), 20-26. DOI=10.5120/ijais12-450372

@article{ 10.5120/ijais12-450372,
author = { Nanhay Singh, Khushal Singh, Ram Shringar Raw },
title = { Analysis of Detection and Prevention of Various SQL Injection Attacks on Web Applications },
journal = { International Journal of Applied Information Systems },
issue_date = { May 2012 },
volume = { 2 },
number = { 7 },
month = { May },
year = { 2012 },
issn = { 2249-0868 },
pages = { 20-26 },
numpages = {9},
url = { https://www.ijais.org/archives/volume2/number7/176-0372/ },
doi = { 10.5120/ijais12-450372 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2023-07-05T10:43:49.208528+05:30
%A Nanhay Singh
%A Khushal Singh
%A Ram Shringar Raw
%T Analysis of Detection and Prevention of Various SQL Injection Attacks on Web Applications
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 2
%N 7
%P 20-26
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Securing the website against cyber attack is a big challenge. One of the most critical cyber attack is the Structured Query Language Injection Attack (SQLIA). In resulting of this attack an attacker to gain control over the database of an application and accordingly an attacker may be able to interpolate the data of database server of the website. The analysis of detection and prevention of SQLIA help to get rid of this attack. The SQLIA are ill-used by the attacker to do the financial fraud, website defacement, sabotage, to get the confidential information etc. The vulnerability of SQL in RDBMS (relational database management system) of a website database server can be resulted from inappropriate programming due to which the attacker can exploit the SQLIA and to gain the access to confidential information. In this work, we have presented different types of attack methods, countermeasures and prevention techniques of SQLIA. This work also present the conditions under which the SQLIA perform

References
  1. J. V. William G. J. Halfond and A. Orso, "A classification of sql injection attacks and countermeasures," 2006.
  2. A. Tajpour; M. Masrom; M. Z. Heydari. ; S. Ibrahim; "SQL injection detection and prevention tools assessment, " Proc. Of ICCSIT 2010, vol. 9, no. , pp. 518-522, 9-11 July 2010.
  3. G. Buehrer, B. W. Weide, P. A. G. Sivilotti, Using Parse Tree Validation to Prevent SQL Injection Attacks,in:5th International Workshop on Software Engineering and Middleware, Lisbon, Portugal, 2005.
  4. P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan. CANDID: Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks. ACM Trans. Inf. Syst. Secur. , 13(2):1–39, 2010l
  5. S. Thomas and L. Williams, "Using Automated Fix Generation to Secure SQL Statements", Third International Workshop on Software Engineering for Secure Systems (SESS'07), Minneapolis, 2007.
  6. The Open Web Application Security Project (OWASP), http://www. owasp. org/index. php/Top_10_2007.
  7. J. Kirk, Databases Assaulted by SQL Injection Attacks, first ed. , Retrieved Issue 1, Volume1 ,2006, http://www. cio. com/article/23133/Databases_Assaulted_by_SQL_Injection_Attacks.
  8. Stephen thomas ,laurie williams, tao xie,"On automated prepared statement generation to remove SQL Injection vulnerabilities "Information and Software Technology 51 (2009) page no. 590.
  9. http://en. wikipedia. org/wiki/Social_web.
  10. Steve Friedl, SQL Injection Attacks by Example, http://www. unixwiz. net/techtips/sqlinjection. html.
  11. Ke Wei, M. Muthuprasanna, S. Kothari, Eliminating SQL Injection Attacks in Stored Procedures,pp. 191-198, IEEE ASWEC, 2006.
  12. D. Morgan, "Web application security - SQL injection attacks," Network Security, vol. 2006, pp. 4-5, April 2006.
Index Terms

Computer Science
Information Sciences

Keywords

Sql Injection Evade Attack Authentication