SQL Injection Attack on Web Application
DOI:
https://doi.org/10.51983/ajcst-2018.7.S1.1814Keywords:
SQL Injection, Hacking, Authentication, Back Tracking, Intrusion, SQL QueriesAbstract
SQL injection attacks are one of the highest dangers for applications composed for the Web. These attacks are dispatched through uncommonly made client information on web applications that utilizes low level string operations to build SQL queries. An SQL injection weakness permits an assailant to stream summons straightforwardly to a web application’s hidden database and annihilate usefulness or privacy. In this paper we proposed a simplified algorithm which works on the basic features of the SQL Injection attacks and will successfully detect almost all types of SQL Injection attacks. In the paper we have also presented the experiment results in order to acknowledge the proficiency of our algorithm.
References
A. Petukhov and D. Kozlov, "Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing," Proceedings of Application Security Conference, Ghent, Belgium, 19-22 May, 2008.
K. Ahmad, J. Shekhar, and K.P. Yadav, "A Potential Solution to Mitigate SQL Injection Attack," VSRD Technical & Non-Technical Journal, vol. 1, no. 2, pp. 145-152, 2010.
B. Indrani and E. Ramaraj, "An Approach to Detect and Prevent SQL Injection Attacks in Database Using Web Service," IJCSNS International Journal of Computer Science and Network Security, vol. 11, no. 1, January 2011.
P. Ramasamy and S. Abburu, "SQL Injection Attack Detected and Prevention," International Journal of Engineering Science and Technology (IJEST), vol. 4, no. 04, April 2012.
S. Manmadhan and Manesh T, "A Method of Detecting SQL Injection Attack to Secure Web Applications," International Journal of Distributed and Parallel Systems (IJDPS), vol. 3, no. 6, Nov. 2012.
L. Kishori and K. Sunil, "Detection and Prevention of SQL-Injection Attacks of Web Application Using Comparing Length of SQL Query," vol. 1, February 2012.
A. Keromytis, and V. Prevelakis, "Countering code injection attacks with instruction-set randomization in Proceedings of the 10th ACM," Conference on Computer and Communication Security Washington D.C., pp. 272-280.
Bojken Shehu, and Aleksander Xhuvani, "A literature Review and comparative analysis on SQL injection: Vulnerabilities, attacks and their detection and prevention Techniques," International Journal of Computer Science Issues, vol. 11, no. 1, 2014.
Hussein AlNabulsi, Izzat Alsmadi, and Mohammad AlJarrah, "Textual Manipulation for SQL Injection attack," I.J. computer Network and Information Security, 2014.
F. Valeur, D. Mutz, and G. Vigna, "A learning-based approach to the detection of SQL attacks," LNCS, vol. 3548, pp. 123-140, 2005.
A. Anitha, and V. Vaidehi, "Context based Application Level Intrusion Detection System" in Washington, DC, USA: IEEE Computer Society, pp. 16, 2006.
L. Chen, Z. Li, C. Gao, and Y. Liu, "Modeling and Analyzing Dynamic Forensics System Based on Intrusion Tolerance" in Washington, DC, USA: IEEE Computer Society, pp. 230-235, 2009.
C.J. Ezeife, J. Dong, and A.K. Aggarwal, "SensorWebIDS: A Web Mining Intrusion Detection System," International Journal of Web Information Systems, vol. 4, pp. 97-120, 2007.
E. Bertino, A. Kamra, and J. Early, "Profiling Database Application to Detect SQL Injection Attacks," In the Proceedings of 2007 IEEE International Performance, Computing, and Communications Conference, 2007.
William G.J. Halfond, Alessandro Orso, and Panagiotis Manolios, "WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation," IEEE Transactions on Software Engineering, vol. 34, no. 1, pp. 65-81, 2008.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2018 The Research Publication
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
