Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications

Cited by: 11
Authors
Dalai, Asish Kumar [1]
Jena, Sanjay Kumar [1]
Affiliation
[1] Natl Inst Technol Rourkela, Dept Comp Sci & Engn, Odisha 769008, India
Keywords
SECURITY;
DOI
10.1155/2017/3825373
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Reports on web application security risks show that SQL injection is the topmost vulnerability. The journey from static to dynamic web pages leads to the use of databases in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.
Pages: 12
Related papers
50 in total
  • [1] How to Prevent SQL Injection Attack Based on Web Applications
    Zheng Haiyan
    Wu Weituan
    Zhang Ruili
    [J]. PROCEEDINGS OF THE 2015 INTERNATIONAL CONFERENCE ON INDUSTRIAL TECHNOLOGY AND MANAGEMENT SCIENCE (ITMS 2015), 2015, 34 : 854 - 857
  • [2] On Defense and Detection of SQL SERVER Injection Attack
    Xue, Qian
    He, Peng
    [J]. 2011 7TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING (WICOM), 2011,
  • [3] TESEC: Accurate Server-side Attack Investigation for Web Applications
    Wang, Ruihua
    Peng, Yihao
    Sun, Yilun
    Zhang, Xuancheng
    Wan, Hai
    Zhao, Xibin
    [J]. 2023 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP, 2023, : 2799 - 2816
  • [4] A longitudinal exploratory study on code smells in server side web applications
    Narjes Bessghaier
    Ali Ouni
    Mohamed Wiem Mkaouer
    [J]. Software Quality Journal, 2021, 29 : 901 - 941
  • [5] A longitudinal exploratory study on code smells in server side web applications
    Bessghaier, Narjes
    Ouni, Ali
    Mkaouer, Mohamed Wiem
    [J]. SOFTWARE QUALITY JOURNAL, 2021, 29 (04) : 901 - 941
  • [6] Detection Model for SQL Injection Attack: An Approach for Preventing a Web Application from the SQL Injection Attack
    Buja, Geogiana
    Bin Abd Jalil, Kamarularifin
    Ali, Fakariah Bt Hj Mohd
    Rahman, Teh Faradilla Abdul
    [J]. 2014 IEEE SYMPOSIUM ON COMPUTER APPLICATIONS AND INDUSTRIAL ELECTRONICS (ISCAIE), 2014,
  • [7] Client-Side Detection of SQL Injection Attack
    Shahriar, Hossain
    North, Sarah
    Chen, Wei-Chuen
    [J]. ADVANCED INFORMATION SYSTEMS ENGINEERING WORKSHOPS (CAISE), 2013, 148 : 512 - 517
  • [8] Encountering SQL Injection in Web Applications
    Padma, Joshi N.
    Raju, M. B.
    Ravishankar, N.
    Ravi, N. Ch
    [J]. PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON COMPUTING METHODOLOGIES AND COMMUNICATION (ICCMC 2018), 2018, : 257 - 261
  • [9] Prediction of SQL Injection Attacks in Web Applications
    Arumugam, Chamundeswari
    Dwarakanathan, Varsha Bhargavi
    Gnanamary, S.
    Neyveli, Vishalraj Natarajan
    Ramesh, Rohit Kanakuppaliyalil
    Kandhavel, Yeshwanthraa
    Balakrishnan, Sadhanandhan
    [J]. COMPUTATIONAL SCIENCE AND ITS APPLICATIONS, ICCSA 2019, PT IV, 2019, 11622 : 496 - 505
  • [10] A new algorithm for detecting SQL injection attack in Web application
    Lounis, Ouarda
    Guermeche, Salah Eddine Bouhouita
    Saoudi, Lalia
    Benaicha, Salah Eddine
    [J]. 2014 SCIENCE AND INFORMATION CONFERENCE (SAI), 2014, : 589 - 594