Combinatorial Approach for Preventing SQL Injection Attacks

Ezumalai, R.; Aghila, G.

doi:10.1109/iadcc.2009.4809188

Cited by 33 publications

(17 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…5.14 "Combinatorial Approach for Preventing SQL Injection Attacks" [16] This approach uses both static and dynamic approaches to detect a SQL injection. It is a signature based SQL injection detection technique.…”

Section: "A Data-centric Approach To Insider Attack Detection In Datamentioning

confidence: 99%

A Survey on the Detection of SQL Injection Attacks and Their Countermeasures

2015

J Inf Process Syst

View full text Add to dashboard Cite

The Structured Query Language (SQL) Injection continues to be one of greatest security risks in the world according to the Open Web Application Security Project's (OWASP) [1] Top 10 Security vulnerabilities 2013. The ease of exploitability and severe impact puts this attack at the top. As the countermeasures become more sophisticated, SOL Injection Attacks also continue to evolve, thus thwarting the attempt to eliminate this attack completely. The vulnerable data is a source of worry for government and financial institutions. In this paper, a detailed survey of different types of SQL Injection and proposed methods and theories are presented, along with various tools and their efficiency in intercepting and preventing SQL attacks.

show abstract

Section: "A Data-centric Approach To Insider Attack Detection In Datamentioning

confidence: 99%

A Survey on the Detection of SQL Injection Attacks and Their Countermeasures

2015

J Inf Process Syst

View full text Add to dashboard Cite

show abstract

“…DoubleGuard [8] is a java based application. In order to avoid object duplication, lots of statistical analysis and structure mapping is required.…”

Section: Canid [6]mentioning

confidence: 99%

A Proposed Architecture for Query Anomaly Detection and Prevention against SQL Injection Attacks

George¹,

Jacob²

2016

IJCA

View full text Add to dashboard Cite

SQL injection is a predominant type of attack which targets web applications and databases. SQL injection bypasses the authentication logic and breaks the confidentiality of the database or manipulates the database. It helps the attacker to obtain unauthorized access into the back end database. Vulnerability exists within a web application when it does not provide a proper validation system for the data entered by the user in the input field. Vulnerability scanners aid in checking vulnerabilities embedded in a web application and has the potential to test invalid forms of input query. However, the limitation lies in the reduction of system availability due to denial of service, especially in case of false positives. In this paper, an approach which focuses on query template based detection of SQL injection attack and reconstruction of queries is proposed. Thus the proposed architecture can mitigate the denial of service and increase the availability by potentially reconstructing malicious queries.

show abstract

“…Since the web service is not integrated with the web application, any modification that should be done to the system should be done in such a way that it should be supported by the web service. [3] R. Ezumalai, G. Aghila, proposed a combinatorial approach for shielding web applications against SQL injection attacks. This combinatorial approach incorporates signature based method, used to address security problems related to input validation and auditing based method which analyze the transactions to find out the malicious access.…”

Section: Literature Surveymentioning

confidence: 99%

Preventing SQL Injection Attacks

Asha¹,

Kumar²,

Vaidhyanathan.³

2012

IJCA

View full text Add to dashboard Cite

With the recent rapid increase in web based applications that employ back-end database services, results show that SQL Injection and Remote File Inclusion are the two frequently used exploits rather than using other complicated techniques. With the rise in use of web applications, SQL injection based attacks are gradually increasing and is now one of the most common attacks in the internet. It allows an attacker to gain control over the database of an application, thereby able to read and alter confidential data. This paper illustrates few different forms of SQL injection and based on observation, it is seen that SQL Injection is interpreted differently on different databases. Finally, an effective solution is proposed for the prevention of these kinds of injection attacks, in such a way that it is independent of the underlying platform and database. Two levels of user authentication has been proposed in this method, SQL based authentication and an XML based authentication, and has been found to be very effective in preventing such attacks.

show abstract

Combinatorial Approach for Preventing SQL Injection Attacks

Cited by 33 publications

References 11 publications

A Survey on the Detection of SQL Injection Attacks and Their Countermeasures

A Survey on the Detection of SQL Injection Attacks and Their Countermeasures

A Proposed Architecture for Query Anomaly Detection and Prevention against SQL Injection Attacks

Preventing SQL Injection Attacks

Contact Info

Product

Resources

About