Peer-Reviewed

An Adaptive Algorithm to Prevent SQL Injection

Received: 22 December 2014     Accepted: 25 December 2014     Published: 28 January 2015
Abstract

SQL Injection attacks are among the top threats to applications written for the web. SQL Injection is a type of attack in which the attacker uses SQL commands to gain access to data or make changes to it. It allows an attacker to obtain unauthorized access to the database and change the intended queries. In the web environment, end-user privacy is one of the most controversial legal issues. Using SQL Injection, an attacker can leak confidential information such as credit card numbers, ATM PINs and user credentials from web applications, or even corrupt the database. Unauthorized access to this much confidential data by an attacker can threaten user confidentiality. In this paper, we survey existing techniques against SQL Injection, analyze their advantages and disadvantages, and propose a novel and effective solution to avoid attacks on the login phase.

Published in American Journal of Networks and Communications (Volume 4, Issue 3-1)

This article belongs to the Special Issue Ad Hoc Networks

DOI 10.11648/j.ajnc.s.2015040301.13
Page(s) 12-15
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2015. Published by Science Publishing Group

Keywords

SQLIA, Parse Tree Validation, Code Conversion, Static Query

Cite This Article
  • APA Style

    Ashish John, Ajay Agarwal, Manish Bhardwaj. (2015). An Adaptive Algorithm to Prevent SQL Injection. American Journal of Networks and Communications, 4(3-1), 12-15. https://doi.org/10.11648/j.ajnc.s.2015040301.13

    ACS Style

    Ashish John; Ajay Agarwal; Manish Bhardwaj. An Adaptive Algorithm to Prevent SQL Injection. Am. J. Netw. Commun. 2015, 4(3-1), 12-15. doi: 10.11648/j.ajnc.s.2015040301.13

    AMA Style

    Ashish John, Ajay Agarwal, Manish Bhardwaj. An Adaptive Algorithm to Prevent SQL Injection. Am J Netw Commun. 2015;4(3-1):12-15. doi: 10.11648/j.ajnc.s.2015040301.13

  • @article{10.11648/j.ajnc.s.2015040301.13,
      author = {Ashish John and Ajay Agarwal and Manish Bhardwaj},
      title = {An Adaptive Algorithm to Prevent SQL Injection},
      journal = {American Journal of Networks and Communications},
      volume = {4},
      number = {3-1},
      pages = {12-15},
      doi = {10.11648/j.ajnc.s.2015040301.13},
      url = {https://doi.org/10.11648/j.ajnc.s.2015040301.13},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajnc.s.2015040301.13},
     year = {2015}
    }
    

  • TY  - JOUR
    T1  - An Adaptive Algorithm to Prevent SQL Injection
    AU  - Ashish John
    AU  - Ajay Agarwal
    AU  - Manish Bhardwaj
    Y1  - 2015/01/28
    PY  - 2015
    N1  - https://doi.org/10.11648/j.ajnc.s.2015040301.13
    DO  - 10.11648/j.ajnc.s.2015040301.13
    T2  - American Journal of Networks and Communications
    JF  - American Journal of Networks and Communications
    JO  - American Journal of Networks and Communications
    SP  - 12
    EP  - 15
    PB  - Science Publishing Group
    SN  - 2326-8964
    UR  - https://doi.org/10.11648/j.ajnc.s.2015040301.13
    VL  - 4
    IS  - 3-1
    ER  - 

Author Information
  • Department of Computer science and Engineering, SRM University, NCR Campus, Modinagar, Ghaziabad, India

  • Department of Computer science and Engineering, SRM University, NCR Campus, Modinagar, Ghaziabad, India

  • Department of Computer science and Engineering, SRM University, NCR Campus, Modinagar, Ghaziabad, India
