Google scholar arxiv informatics ads IJAIS publications are indexed with Google Scholar, NASA ADS, Informatics et. al.

Call for Paper

-

July Edition 2021

International Journal of Applied Information Systems solicits high quality original research papers for the July 2021 Edition of the journal. The last date of research paper submission is June 15, 2021.

Analysis of Detection and Prevention of Various SQL Injection Attacks on Web Applications

Nanhay Singh, Khushal Singh, Ram Shringar Raw Published in Security

International Journal of Applied Information Systems
Year of Publication 2012
© 2010 by IJAIS Journal
10.5120/ijais12-450372
Download full text
  1. Nanhay Singh, Khushal Singh and Ram Shringar Raw. Article: Analysis of Detection and Prevention of Various SQL Injection Attacks on Web Applications. International Journal of Applied Information Systems 2(7):20-26, May 2012. BibTeX

    @article{key:article,
    	author = "Nanhay Singh and Khushal Singh and Ram Shringar Raw",
    	title = "Article: Analysis of Detection and Prevention of Various SQL Injection Attacks on Web Applications",
    	journal = "International Journal of Applied Information Systems",
    	year = 2012,
    	volume = 2,
    	number = 7,
    	pages = "20-26",
    	month = "May",
    	note = "Published by Foundation of Computer Science, New York, USA"
    }
    

Abstract

Securing the website against cyber attack is a big challenge. One of the most critical cyber attack is the Structured Query Language Injection Attack (SQLIA). In resulting of this attack an attacker to gain control over the database of an application and accordingly an attacker may be able to interpolate the data of database server of the website. The analysis of detection and prevention of SQLIA help to get rid of this attack. The SQLIA are ill-used by the attacker to do the financial fraud, website defacement, sabotage, to get the confidential information etc. The vulnerability of SQL in RDBMS (relational database management system) of a website database server can be resulted from inappropriate programming due to which the attacker can exploit the SQLIA and to gain the access to confidential information. In this work, we have presented different types of attack methods, countermeasures and prevention techniques of SQLIA. This work also present the conditions under which the SQLIA perform

Reference

  1. J. V. William G. J. Halfond and A. Orso, "A classification of sql injection attacks and countermeasures," 2006.
  2. A. Tajpour; M. Masrom; M. Z. Heydari. ; S. Ibrahim; "SQL injection detection and prevention tools assessment, " Proc. Of ICCSIT 2010, vol. 9, no. , pp. 518-522, 9-11 July 2010.
  3. G. Buehrer, B. W. Weide, P. A. G. Sivilotti, Using Parse Tree Validation to Prevent SQL Injection Attacks,in:5th International Workshop on Software Engineering and Middleware, Lisbon, Portugal, 2005.
  4. P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan. CANDID: Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks. ACM Trans. Inf. Syst. Secur. , 13(2):1–39, 2010l
  5. S. Thomas and L. Williams, "Using Automated Fix Generation to Secure SQL Statements", Third International Workshop on Software Engineering for Secure Systems (SESS'07), Minneapolis, 2007.
  6. The Open Web Application Security Project (OWASP), http://www. owasp. org/index. php/Top_10_2007.
  7. J. Kirk, Databases Assaulted by SQL Injection Attacks, first ed. , Retrieved Issue 1, Volume1 ,2006, http://www. cio. com/article/23133/Databases_Assaulted_by_SQL_Injection_Attacks.
  8. Stephen thomas ,laurie williams, tao xie,"On automated prepared statement generation to remove SQL Injection vulnerabilities "Information and Software Technology 51 (2009) page no. 590.
  9. http://en. wikipedia. org/wiki/Social_web.
  10. Steve Friedl, SQL Injection Attacks by Example, http://www. unixwiz. net/techtips/sqlinjection. html.
  11. Ke Wei, M. Muthuprasanna, S. Kothari, Eliminating SQL Injection Attacks in Stored Procedures,pp. 191-198, IEEE ASWEC, 2006.
  12. D. Morgan, "Web application security - SQL injection attacks," Network Security, vol. 2006, pp. 4-5, April 2006.

Keywords

Sql Injection, Evade, Attack, Authentication