Proposed Method for SQL Injection Detection and its Prevention

  • Abstract

    SQL injection is a commonly used method of attacking database servers. Injection attacks enable the attacker to bypass the validation and authorization mechanisms used by the database server and gain access to the database. The easiest way to launch this attack is to exploit loopholes in the validation of user input provided through login pages. Each login page that a user visits can contribute towards revealing the identity of the user. Feedback given by the server while executing SQL code can reveal information about vulnerabilities in the validation process of the database server. An attacker can misuse this information to launch an SQL injection attack. This paper discusses a technique for identifying and preventing SQL injection attacks using the concept of tokenization. It discusses a function that checks user queries for the presence of various predefined tokens and prevents access to web pages when a user query includes any of the defined tokens.

  • Keywords

    SQL, SQL Injection attacks, SQL Injection Vulnerability, Tokenization.
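
A sketch of the token check described in the abstract, added here as an illustration and not taken from the paper. The token list, the function names and the `accounts` table are assumptions; the lookup also uses a bound parameter so the effect of the filter can be compared with and without it.

```python
import re
import sqlite3

# Assumed token list: the abstract says "predefined tokens" without naming them.
BLOCKED_TOKENS = {"'", '"', ";", "--", "/*", "*/", "=", "or", "and", "union",
                  "select", "insert", "update", "delete", "drop"}

# Multi-character operators come first so "--" is matched as one token.
TOKEN_RE = re.compile(r"--|/\*|\*/|[A-Za-z_][A-Za-z0-9_]*|\d+|\S")


def tokenize(value):
    """Split one user-supplied field into lower-cased words, numbers and symbols."""
    return [tok.lower() for tok in TOKEN_RE.findall(value)]


def find_blocked_tokens(value):
    """Return the distinct predefined tokens present in the input, sorted."""
    return sorted(set(tokenize(value)) & BLOCKED_TOKENS)


def lookup_account(conn, username, use_filter=True):
    """Refuse input carrying blocked tokens, then query with a bound parameter."""
    if use_filter and find_blocked_tokens(username):
        return "blocked"
    row = conn.execute("SELECT 1 FROM accounts WHERE name = ?", (username,)).fetchone()
    return "found" if row else "not found"


def make_demo_db():
    """Build an in-memory table with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?)", [("alice",), ("O'Brien",)])
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    # Constructed inputs: a valid name, a word containing "or", a classic
    # injection string, and a legitimate name with an apostrophe.
    for name in ["alice", "Orlando", "alice' OR '1'='1' --", "O'Brien"]:
        print(f"{name!r:26} {lookup_account(db, name):10} {find_blocked_tokens(name)}")
```

Matching whole tokens lets "Orlando" through where a substring search for "or" would not, but the legitimate name "O'Brien" is still refused; with the filter off, the bound parameter treats both that name and the injection string as plain data.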


Article ID: 10569
DOI: 10.14419/ijet.v7i2.6.10569

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.