Abstract

Web Application are used for providing information and function on World Wide web for various e-commerce organization, medical-care, business and Government sectors which further requires security and vulnerabilities. This paper describes the type of SQL Injection Attacks and discusses the technique, to avoid them. The type of SQL Injection Attack, procedure for preventing from SQL Injection Attacks and related work which was done for this has been considered and explained in this paper. An effective and efficient scheme is proposed to prevent SQL Injection Attack which is locating between web application and database. In such a way to use SQM and Sanitization Application are necessary to extend security or keep from attacker to abusing the database. Through two way evaluations, it is proved that our proposed scheme is more secure and can forcefully cover all bases of our web-based application.

References

• Amirtahmasebi, K, Jalalinia, S.R., and Khadem, S., A Survey of SQL Injection defense mechanism, International Conference for Internet Technology and Secured Transaction (ICITST 2009), 9-12 Nov. (2009), pp. 1-8.
• Atefeh Tajpour, Suhaimi Ibrahim, Maslin Masrom,” SQL Injection Detection and Prevention Techniques”, International Journal of Advancements in Computing August 2011.
• Debabrata Kar, Suvasini Panigrahi, Prevention of SQL Injection Attack Using Query Transformation and Hashing, IEEE International Advance Computing Conference (IACC), 2013.
• Ettore Merlo et al. “Insider and outsider threat sensitive SQL injection vulnerability analysis in PHP” IEEE 2006.
• http://www.softwaretestinghelp.com/application for SQL injection attacks.
• Indrani Balasundaram, E.Ramaraj “An Authentication Scheme for Preventing SQL Injection Attack Using Hybrid Encryption (PSQLIAHBE), (ISSN 1450-216X Vol.53 No.3 (2011), pp.359-368).
• Kirti Randhe, Vishal Mogal “Security Engine for prevention of SQL Injection and CSS Attacks using Data Sanitization Technique”, Pune , Vol. 3, Issue 6, June 2015.
• McClure, R.A. and Kruger, I.H., SQL DOM: compile time checking of dynamic SQL statements. 27th International Conference on Software Engineering (ICSE 2005), 15-21 May 2005, pp. 88- 96.
• Prasant Singh Yadav, Pankaj Yadav, K.P.Yadav “A Modern Mechanism to Avoid SQL Injection Attacks in Web Applications”, IJRREST: International Journal of Research Review in Engineering Science and Technology, Volume-1 Issue-1, June 2012.
• Pomeroy, A Qing Tan Sch. of Comput. & Inf. Syst., Athabasca Univ., Athabasca, AB, Canada " Effective SQL Injection Attack Reconstruction Using Network Recording" in Computer and Information Technology (CIT), 2011 IEEE 11th International onference Issue Date: Aug. 31 2011-Sept. 2 2011 On page(s): 552 – 556.
• Surya Pratap Singh, Avinash Singh, Upendra Nath Tripath, Manish Mishra “Proactive Mechanism of Protection against SQL Injection Attack”, Gorakhpur, Vol.3, Issue 5, 2015.
• The Open Web Application Security Project, "OWASP TOP 10 Project", http://www.owasp.org.
• Top 10 2013-A1-Injection, available at: http://www.owasp.org/index.php/Top_10_2013- A1- Injection, last accessed 11 June, 2013.
• V. Nithya, R.Regan, J.vijayaraghavan,”A Survey on SQL Injection attacks, their Detection and Prevention Techniques”"International Journal of Engineering and Computer Science April, 2013.
• Veera Venkateswaramma P, “An Effective Approach for Protecting Web from SQL Injection Attacks”, International Journal of Scientific & Engineering Research, Volume 3, 2012.
• William G.J. Halfond and Alessandro Orso “Preventing SQL Injection Attacks Using AMNESIA,” ICSE’06, Shanghai, China, 2006.
• W. G.J. Halfond, J. Viegas, and A. Orso, “A classification of SQL injection attacks and countermeasures”, In Proceedings of the international Symposium on secure Software Engineering (ISSSE), 2006.
• X. Fu, X. Lu, B. Peltsverger, S. Chen, K. Qian, and L. Tao., “ A Static Analysis Framework for Detecting SQL Injection Vulnerabilities”, COMPSAC 2007, pp.87-96, 24-27 July 2007.