A Viable Solution to Prevent SQL Injection Attack Using SQL Injection

Bharti Nagpal*, Naresh Chauhan**, Nanhay Singh***
*-** Assistant Professor, Ambedkar Institute of Advanced Communication Technology and Research, Delhi, India.
*** Professor and Chairman, YMCA University of Science and Technology, Haryana, India.
Periodicity:September - November'2015
DOI : https://doi.org/10.26634/jcom.3.3.3660

Abstract

Increased usage of web applications in recent years has emphasized the need to achieve confidentiality, integrity and availability of web applications. Web applications are used by the organizations to provide services like online banking, online shopping, social networking, etc. So people expect these applications to be secure and reliable when they are paying bills, shopping online, making transactions, etc. These web applications consist of underlying databases containing confidential user's information like financial information records, medical information records, personal information records which are highly sensitive and valuable, which in turn makes web applications as an ideal target for external attacks such as Structured Query Language (SQL) Injection. In fact, SQL Injection is categorized as the top-10 2010 web application vulnerabilities experienced by web applications according to OWASP (Open Web Application Security Project) [1]. There is an emerging need to handle such attacks to secure the stored information.

Keywords

SQL Injection Attack ,Web Applications, Web Vulnerabilities, Prevention.

How to Cite this Article?

Nagpal, B., Chauhan, N., and Singh, N. (2015). A Viable Solution to Prevent SQL Injection Attack Using SQL Injection. i-manager’s Journal on Computer Science, 3(3), 5-10. https://doi.org/10.26634/jcom.3.3.3660

References

[1]. The Open Web Application Security Project. "OWASP TOP 10 Project", Retrieved from http://www.owasp.org/
[2]. Puspendra Kumar, and R.K. Pateriya, (2012). “A Survey on SQL Injection Attacks, Detection and Prevention Techniques”, IEEE International Conference on Computing, Communication and Network Technologies, pp.1-5.
[3]. Diallo Abdoulaye Kindy and AI-Shakib Khan Pathan, (2011). "A Survey on SQL Injection: Vulnerabilities, Attacks th And Prevention Techniques", IEEE 15 International Symposium on Consumer Electronics, pp.468-471.
[4]. Pankaj Sharma, Rahul Johari, and S.S Sarma, (2012). Integrated Approach to Prevent SQL Injection Attack and Reflected Cross Site Scripting Attack, Springer, pp.343- 351.
[5]. Kunal S, Mohan Das R, and Pais AR, (2011). “Model Based Hybrid Approach to Prevent SQL Injection Attacks in st PHP,” 1 International Conference on Security Aspects of Information Technology InfoSecHiComNet'11, pp.3-15.
[6]. Gao Jiao, Chang-Ming XU, and Jing Msohua, (2012). “SQLIMW: a New Mechanism Against SQL-Injection”, IEEE International Conference on Computer Science and Service System, pp.1178-1180.
[7]. Allen Pomeroy and Qing Tan, (2011). "Effective SQL Injection Attack Reconstruction Using Network Recording", th IEEE 11 International conference on Computer and Information Technology (CIT), pp.552 – 556.
[8]. P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan. (2010). "CANDID:Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks", ACM Transactions on Information and System Security, Vol.13(2), pp.1–39.
[9]. R. Ezumalai, G. Aghila, (2009). “Combinatorial Approach for Preventing SQL Injection Attacks”, IEEE International Advance Computing Conference (IACC 2009), pp.1212 - 1217.
[10]. M. Junjin, (2009). “An Approach for SQL Injection Vulnerability Detection”, Proceedings of the 6th International Conference on Information Technology, pp.1411-1414.
[11]. SQL Injection. Retrieved from http://www.w3schools. com/sql/sql_injection.asp
If you have access to this article please login to view the article or kindly login to purchase the article

Purchase Instant Access

Single Article

North Americas,UK,
Middle East,Europe
India Rest of world
USD EUR INR USD-ROW
Online 15 15

Options for accessing this content:
  • If you would like institutional access to this content, please recommend the title to your librarian.
    Library Recommendation Form
  • If you already have i-manager's user account: Login above and proceed to purchase the article.
  • New Users: Please register, then proceed to purchase the article.