SQL Injection attacks are one of the top most threats for application written for the web. SQL Injection is a type of attack in which the attacker uses SQL commands to gain access or make changes to data. It allows attacker to obtain unauthorized access to the database to change the intended queries. In the web environment, end user privacy is one of the most controversial legal issues. Using SQL Injection, an attacker can leak confidential information such as credit card no. ATM Pin, User Credentials etc from the web applications or even corrupts the database. An unauthorized access to this much of confidential data by an attacker can threat to user confidentiality. In this paper, we had surveyed existing techniques against SQL Injection and analyzed their advantages and disadvantages and proposed a novel and effective solution to avoid attacks on login phase.
| Published in |
American Journal of Networks and Communications (Volume 4, Issue 3-1)
This article belongs to the Special Issue Ad Hoc Networks |
| DOI | 10.11648/j.ajnc.s.2015040301.13 |
| Page(s) | 12-15 |
| Creative Commons |
This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited. |
| Copyright |
Copyright © The Author(s), 2024. Published by Science Publishing Group |
SQLIA, Parse Tree Validation, Code Conversion, Static Query
| [1] | Oppliger, R., "Internet security enters the Middle Ages," Computer , vol.28, no.10, pp.100,101, Oct 1995 doi: 10.1109/2.467613 |
| [2] | http://www.w3resource.com/sql/sql-injection/sql-injection.php |
| [3] | www.owasp.org |
| [4] | W.G.J. Halfond, A. Orso, “AMNESIA: analysis and monitoring for Neutralizing SQL-injection attacks,” 20th IEEE/ACM International Conference on Automated Software Engineering, Long Beach, CA, USA, 2005, pp. 174–183. |
| [5] | Michele Spagnuolo,Politecnico di Milano,Milan "Using Parse Tree Validation to Prevent SQL Injection Attacks" |
| [6] | Indrani Balasundaram, E. Ramaraj "An Efficient Technique for Detection and Prevention of SQL Injection Attack using ASCII Based String Matching" International Conference on Communication Technology and System Design 2011 © 2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of ICCTSD 2011 |
| [7] | Shruti Bangre, Alka Jaiswal "SQL Injection Detection and Prevention Using Input Filter Technique" International Journal of Recent Technology and Engineering (IJRTE) ISSN: 2277-3878, Volume-1, Issue-2, June 2012 |
| [8] | Jaskanwal Minhas and Raman Kumar "Blocking of SQL Injection Attacks by Comparing Static and Dynamic Queries" I. J. Computer Network and Information Security, 2013, 2, 1-9 Published Online February 2013 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2013.02.01 |
| [9] | W. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Countermeasures. Proceedings of the IEEE International Symposium on Secure Software Engineering (ISSSE), 2006. |
| [10] | "A Survey of SQL Injection Defense Mechanisms By Kasra Amirtahmasebi", Seyed Reza Jalalinia and Saghar Khadem, Chalmers University of Technology, Sweden Presented at: Institute of Electrical and Electronics Engineers in 2009 |
| [11] | William G.J. Halfond, Jeremy Viegas, and Alessandro Orso "A Classification of SQL Injection Attacks and Countermeasures”. |
APA Style
Ashish John, Ajay Agarwal, Manish Bhardwaj. (2015). An Adaptive Algorithm to Prevent SQL Injection. American Journal of Networks and Communications, 4(3-1), 12-15. https://doi.org/10.11648/j.ajnc.s.2015040301.13
ACS Style
Ashish John; Ajay Agarwal; Manish Bhardwaj. An Adaptive Algorithm to Prevent SQL Injection. Am. J. Netw. Commun. 2015, 4(3-1), 12-15. doi: 10.11648/j.ajnc.s.2015040301.13
AMA Style
Ashish John, Ajay Agarwal, Manish Bhardwaj. An Adaptive Algorithm to Prevent SQL Injection. Am J Netw Commun. 2015;4(3-1):12-15. doi: 10.11648/j.ajnc.s.2015040301.13
Share This Article
Twitter
Linked In
Facebook
Copy
Download@article{10.11648/j.ajnc.s.2015040301.13,
author = {Ashish John and Ajay Agarwal and Manish Bhardwaj},
title = {An Adaptive Algorithm to Prevent SQL Injection},
journal = {American Journal of Networks and Communications},
volume = {4},
number = {3-1},
pages = {12-15},
doi = {10.11648/j.ajnc.s.2015040301.13},
url = {https://doi.org/10.11648/j.ajnc.s.2015040301.13},
eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajnc.s.2015040301.13},
abstract = {SQL Injection attacks are one of the top most threats for application written for the web. SQL Injection is a type of attack in which the attacker uses SQL commands to gain access or make changes to data. It allows attacker to obtain unauthorized access to the database to change the intended queries. In the web environment, end user privacy is one of the most controversial legal issues. Using SQL Injection, an attacker can leak confidential information such as credit card no. ATM Pin, User Credentials etc from the web applications or even corrupts the database. An unauthorized access to this much of confidential data by an attacker can threat to user confidentiality. In this paper, we had surveyed existing techniques against SQL Injection and analyzed their advantages and disadvantages and proposed a novel and effective solution to avoid attacks on login phase.},
year = {2015}
}
TY - JOUR T1 - An Adaptive Algorithm to Prevent SQL Injection AU - Ashish John AU - Ajay Agarwal AU - Manish Bhardwaj Y1 - 2015/01/28 PY - 2015 N1 - https://doi.org/10.11648/j.ajnc.s.2015040301.13 DO - 10.11648/j.ajnc.s.2015040301.13 T2 - American Journal of Networks and Communications JF - American Journal of Networks and Communications JO - American Journal of Networks and Communications SP - 12 EP - 15 PB - Science Publishing Group SN - 2326-8964 UR - https://doi.org/10.11648/j.ajnc.s.2015040301.13 AB - SQL Injection attacks are one of the top most threats for application written for the web. SQL Injection is a type of attack in which the attacker uses SQL commands to gain access or make changes to data. It allows attacker to obtain unauthorized access to the database to change the intended queries. In the web environment, end user privacy is one of the most controversial legal issues. Using SQL Injection, an attacker can leak confidential information such as credit card no. ATM Pin, User Credentials etc from the web applications or even corrupts the database. An unauthorized access to this much of confidential data by an attacker can threat to user confidentiality. In this paper, we had surveyed existing techniques against SQL Injection and analyzed their advantages and disadvantages and proposed a novel and effective solution to avoid attacks on login phase. VL - 4 IS - 3-1 ER -
Information
Email: