Proposed Method for SQL Injection Detection and its Prevention

  • Authors

    • Ashish Kumar
    • Sumitra Binu
    2018-03-11
    https://doi.org/10.14419/ijet.v7i2.6.10569
  • SQL, SQL Injection attacks, SQL Injection Vulnerability, Tokenization.
  • SQL injection is a commonly used method of attacking a database server. Injection attacks enable the attacker to bypass the validation and authorization mechanisms used by the database server and gain access to the database. The easiest way to launch this attack is by exploiting loopholes in the validation of user inputs provided through login pages. Each login page that a user visits can contribute towards revealing the identity of the user. Feedback given by the server while executing SQL code can reveal information about vulnerabilities in the validation process of the database server. This information can be misused by an attacker to launch an SQL injection attack. This paper discusses a technique for identifying and preventing SQL injection attacks using the concept of tokenization. It presents a function that checks user queries for the presence of various predefined tokens and prevents access to web pages when a user query includes any of the defined tokens.

  • How to Cite

    Kumar, A., & Binu, S. (2018). Proposed Method for SQL Injection Detection and its Prevention. International Journal of Engineering & Technology, 7(2.6), 213-216. https://doi.org/10.14419/ijet.v7i2.6.10569