Vulnerability detection and prevention of SQL injection

  • Authors

    • B J. Santhosh Kumar
    • P P. Anaswara
    2018-05-29
    https://doi.org/10.14419/ijet.v7i2.31.13388
  • Keywords: SQL injection attack, SQL queries.
  • Abstract: SQL injection is one of the most serious security vulnerabilities affecting databases that are connected to the web or reachable within an intranet. Most of these vulnerabilities are caused by a lack of input validation and by how SQL parameters are used. Attackers try to steal hidden data by attacking the database with the technique called SQL injection. This paper experiments with SQL injection detection and prevention technologies. Different defence methods are used for prevention, such as parameterized statements, stored procedures and whitelist input validation. The comparative results of these methods are highlighted in a table covering SQL injection queries, prepared-statement insertion and selection queries, stored procedures and modify queries. The comparison of these methods is used for detecting and preventing vulnerabilities in a web server.

     

     

  • How to Cite

    J. Santhosh Kumar, B., & P. Anaswara, P. (2018). Vulnerability detection and prevention of SQL injection. International Journal of Engineering & Technology, 7(2.31), 16-18. https://doi.org/10.14419/ijet.v7i2.31.13388