Research Article

Model Query, Tokenization and Character Matching: A Combined Approach to Prevent SQLIA

by  Sudhakar Choudhary, Arvind Kumar Jain, Anil Kumar
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 162 - Issue 9
Published: Mar 2017
DOI: 10.5120/ijca2017913357

Sudhakar Choudhary, Arvind Kumar Jain, Anil Kumar. Model Query, Tokenization and Character Matching: A Combined Approach to Prevent SQLIA. International Journal of Computer Applications. 162, 9 (Mar 2017), 13-18. DOI: 10.5120/ijca2017913357

Abstract

With the rise of the Internet, web applications such as online banking and web-based email have become an instant means of information dissemination and various other transactions, which has made them a key component of today’s Internet infrastructure. Web-based systems consist of both infrastructure components and application-specific code. However, there are many reports of intrusions by external hackers that compromised the back-end database system. SQL injection attacks are a class of attacks to which many of these systems are highly vulnerable.

Index Terms
Computer Science
Information Sciences
Keywords

SQL Injection Attack SQLIA Prevention Tokenization Character List.
