Volume 4, Issue 3-1, May 2015, Page: 12-15
An Adaptive Algorithm to Prevent SQL Injection
Ashish John, Department of Computer Science and Engineering, SRM University, NCR Campus, Modinagar, Ghaziabad, India
Ajay Agarwal, Department of Computer Science and Engineering, SRM University, NCR Campus, Modinagar, Ghaziabad, India
Manish Bhardwaj, Department of Computer Science and Engineering, SRM University, NCR Campus, Modinagar, Ghaziabad, India
Received: Dec. 22, 2014; Accepted: Dec. 25, 2014; Published: Jan. 28, 2015
DOI: 10.11648/j.ajnc.s.2015040301.13
Abstract
SQL injection attacks are among the top threats to applications written for the web. SQL injection is a type of attack in which the attacker uses SQL commands to gain access to data or make changes to it. It allows the attacker to obtain unauthorized access to the database to change the intended queries. In the web environment, end-user privacy is one of the most controversial legal issues. Using SQL injection, an attacker can leak confidential information such as credit card numbers, ATM PINs, user credentials, etc. from web applications, or even corrupt the database. Unauthorized access to this much confidential data by an attacker can threaten user confidentiality. In this paper, we survey existing techniques against SQL injection, analyze their advantages and disadvantages, and propose a novel and effective solution to avoid attacks on the login phase.
Keywords
SQLIA, Parse Tree Validation, Code Conversion, Static Query
To cite this article
Ashish John, Ajay Agarwal, Manish Bhardwaj, An Adaptive Algorithm to Prevent SQL Injection, American Journal of Networks and Communications. Special Issue: Ad Hoc Networks. Vol. 4, No. 3-1, 2015, pp. 12-15. doi: 10.11648/j.ajnc.s.2015040301.13