Vulnerability detection and prevention of SQL injection

  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract

    SQL injection attack is the most serious security vulnerabilities on databases are connected with web or within an intranet, most of these vulnerabilities are affected by lack of input validation and SQL parameters are use. The attackers are trying to steal the data which was hidden and by attacking the database using the attacking technique that is called SQL injection attacks. The SQL injection attack detection and prevention technologies are experimented in this paper. There are different defence methods are used to prevent such as, parameterized statement, stored procedures and white list input validation. The comparative results of these methods are highlighted in the table with SQL injection query, prepared statement insertion and selection queries, stored procedures and modify queries. The comparison of these methods used for detection and prevention vulnerability in web server.



  • Keywords

    SQL injection attack, SQL queries.

  • References

      [1] Natarajan K & Subramani S, “Generation of SQL-injection free secure algorithm to detect and prevent SQL-injection attacks”, Procedia Technology 4 Elsevier Ltd, (2012), pp.790–796

      [2] Voitovych OP, Yuvkovetskyi OS & Kupershtein LM, “SQL Injection prevention system”, International Conference Radio Electronics & Info Communications (UkrMiCo), (2016), pp.1-4.

      [3] Fonseca J, Vieira M & Madeira H, “Evaluation of web security mechanisms using vulnerability & attack injection”, IEEE Transactions on Dependable and Secure Computing, Vol.11, No.5,(2014), pp.440-453.

      [4] Brynielsson J & Sharma R, “Detectability of low-rate HTTP server DoS attacks using spectral analysis”, IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), (2015), pp.954-961.

      [5] Qian L, Zhu Z, Hu J & Liu S, “Research of SQL injection attack and prevention technology”, International Conference on Estimation, Detection and Information Fusion (ICEDIF), (2015), pp.303-306.

      [6] Qbea'h M, Alshraideh M & Sabri KE, “Detecting and preventing SQL injection attacks: a formal approach”, Cybersecurity and Cyberforensics Conference (CCC), (2016), pp.123-129.

      [7] Djuric Z, “A black-box testing tool for detecting SQL injection vulnerabilities”, Second International Conference on Informatics and Applications (ICIA), (2013), pp.216-221.

      [8] Alwan ZS & Younis MF, “Detection and Prevention of SQL Injection Attack: A Survey”, International Journal of Computer Science and Mobile Computing, Vol.6, No.8, (2017), pp.5–17.

      [9] Priyaa BD & Devi MI, “Hybrid SQL injection detection system”, 3rd International Conference on Advanced Computing and Communication Systems (ICACCS), (2016), pp.1-5.

      [10] Buja G, Jalil KBA, Ali FBHM & Rahman TFA, “Detection model for SQL injection attack: An approach for preventing a web application from the SQL injection attack”, IEEE Symposium on Computer Applications and Industrial Electronics (ISCAIE), (2014), pp.60-64.

      [11] Pushpa BR, “Enhancing Data Security by Adapting Network Security and Cryptographic Paradigms”, International Journal of Computer Science and Information Technologies, Vol.5, (2014), pp.1319–1321.

      [12] Joseph S & Jevitha KP, “Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability”, Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics: ICACNI, (2016).




Article ID: 13388
DOI: 10.14419/ijet.v7i2.31.13388

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.