scholarly journals Safety Measures and Auto Detection against SQL Injection Attacks

2019 ◽  
Vol 8 (4) ◽  
pp. 2827-2833
Keyword(s):  
Web Application ◽  
Application Programming Interface ◽  
Database Management System ◽  
Transport Layer ◽  
Prototype System ◽  
Large Network ◽  
Security Measures ◽  
Sql Injection ◽  
Sql Injection Attack ◽  
The Web

The SQL injection attack (SQLIA) occurred when the attacker integrating a code of a malicious SQL query into a valid query statement via a non-valid input. As a result the relational database management system will trigger these malicious query that cause to SQL injection attack. After successful execution, it may interrupts the CIA (confidentiality, integrity and availability) of web API. The vulnerability of Web Application Programming Interface (API) is the prior concern for any programming. The Web API is mainly based of Simple Object Access Protocol (SOAP) protocol which provide its own security and Representational State Transfer (REST) is provide the architectural style to security measures form transport layer. Most of the time developers or newly programmers does not follow the standards of safe programming and forget to validate their input fields in the form. This vulnerability in the web API opens the door for the threats and it’s become a cake walk for the attacker to exploit the database associated with the web API. The objective of paper is to automate the detection of SQL injection attack and secure the poorly coded web API access through large network traffic. The Snort and Moloch approaches are used to develop the hybrid model for auto detection as well as analyze the SQL injection attack for the prototype system

SQL Injection Attacks Countermeasures

2012 ◽  
pp. 194-213
Author(s):  
Kasra Amirtahmasebi ◽  
Seyed Reza Jalalinia
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Confidential Information ◽  
Sql Injection ◽  
Unauthorized Access ◽  
Injection Attacks ◽  
Prevention Techniques ◽  
Sql Injection Attack ◽  
Sql Injection Attacks ◽  
The Web

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.

Method to Detect SQL Injection Attacks for Complex Network Environment

2013 ◽  
Vol 651 ◽  
pp. 841-845
Author(s):  
Wu Min Pan
Keyword(s):  
Operating Systems ◽  
Web Application ◽  
Security Risk ◽  
Defense System ◽  
Sql Injection ◽  
Injection Attacks ◽  
Test Application ◽  
Sql Injection Attack ◽  
Sql Injection Attacks ◽  
The Web

SQL injection has become a serious security risk among all the attacks against Web application. The SQL injection attack allows an attacker to access the underlying database unrestrictedly, and furthermore, retrieves the confidential information of the corporation and the network user. We found that most of the existing researches are able to detect most of the attacks, but they do not consider the complexity involved in using the defense system and the eventual cost of modification of the original program. For this reason, we conducts an in-depth research on SQL injection and defense: requires no modification of the web application code,and can be adapted to different usage scenarios,involving also different operating systems and server applications,and can be able to detect all the known injection points for the test application

SQL Injection Attack on Web Application

2018 ◽  
Vol 7 (S1) ◽  
pp. 11-15
Author(s):  
S. Parameswari ◽  
K. Kavitha
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Sql Injection ◽  
Injection Attacks ◽  
Sql Injection Attack ◽  
Simplified Algorithm ◽  
Basic Features ◽  
Sql Injection Attacks ◽  
Almost All ◽  
The Web

SQL injection attacks are one of the highest dangers for applications composed for the Web. These attacks are dispatched through uncommonly made client information on web applications that utilizes low level string operations to build SQL queries. An SQL injection weakness permits an assailant to stream summons straightforwardly to a web application’s hidden database and annihilate usefulness or privacy. In this paper we proposed a simplified algorithm which works on the basic features of the SQL Injection attacks and will successfully detect almost all types of SQL Injection attacks. In the paper we have also presented the experiment results in order to acknowledge the proficiency of our algorithm.

Automated Detection of SQL Injection Attack on Blockchain-Based Database

2021 ◽  
pp. 321-341
Author(s):  
Keshav Sinha ◽  
Amit Kumar Keshari
Keyword(s):  
Network Analysis ◽  
Denial Of Service ◽  
Automated Detection ◽  
Distributed Environment ◽  
Sql Injection ◽  
Insider Attack ◽  
Challenging Tasks ◽  
Sql Injection Attack ◽  
The Web

In the era of computing, where the data are stored in a cloud or distributed environment, the privacy of data is one of the challenging tasks. The attacks like denial of service attacks (DoS), insider attack compromised the security of the system. In this chapter, the authors discussed a blockchain-based database, where data are encrypted and stored. The Web API is used as an interface for the storage and sharing of data in the blockchain system. There are several types of attacks that are performed by the adversary on the database to destroy the vulnerability of the system. Here, the authors are mainly focused on the SQL injection attack which is performed by the adversary on Web API. To cope with this problem, they present the case study based on the Snort and Moloch for automated detection of SQL attack, network analysis, and testing of the system.

SQL Code Poisoning

2011 ◽  
pp. 161-171
Author(s):  
Theodoros Tzouramanis
Keyword(s):  
Anomaly Detection ◽  
Management System ◽  
Database Management ◽  
Query Language ◽  
Database Management System ◽  
Sql Injection ◽  
Database Administrator ◽  
Structured Query Language ◽  
Sql Injection Attack ◽  
Cross Site

Anomaly Detection; Cookie Poisoning; CRLF Injection Attack; Cross-Site Scripting (or CSS) Attack Database Administrator (DBA); Database Management System (DBMS); Database Structured Query Language (SQL); Directory Traversal Attack; Google Hacking Attack; Secrecy; Integrity; and Availability; SQL Code Poisoning (or SQL Injection) Attack

scholarly journals Secure Online Election System

2019 ◽  
Vol 8 (11S) ◽  
pp. 1166-1171
Keyword(s):  
Web Application ◽  
Control Unit ◽  
Sql Injection ◽  
Stored Procedure ◽  
Injection Attacks ◽  
Election System ◽  
Sql Injection Attack ◽  
Online Voting ◽  
One Way Function ◽  
Sql Injection Attacks

India, the biggest democratic ruling system in terms of population utilises the Electronic Voting Machine or EVM for their general elections. Any EVM comprises of two units: The Control unit and the Ballot unit. O n g o i n g re s e a rc h h a s i n d i c a t e d m a n y disadvantages in the system. One of the main disadvantages we encounter is that many researchers have claimed that the EVM can easily be tampered with. EVMs also encounter many physical threats. To prevent these drawbacks, we have proposed an online voting s y s t e m w h i c h c o u n t e r m a n y p h y s i c a l difficulties faced by the EVM. One main difficulty in the online system is the SQL Injection attack. SQL injection is messing with the database and controlling it with the help of SQL Queries. Our project focuses on the Tautology based SQL Injection attack. In this attack, a statement whose value will always be true or 1 is passed instead of username and password by the hacker. This allows access to t h e d a t a b a s e w h i c h a l l o w s h i m / h e r t o manipulate it. Manipulation can be of several kinds. Web based Voting is another innovation that is rising which has the possibility of countering numerous downsides looked by the EVMs. The online voting application works as any other web application. Each voter who wants to vote needs to fill all the required details and create an account on the website first. On the day of voting, when voters cast their vote, they need to sign in with their respective credentials. When the credentials match with the data from database, the voter can get to the voting page and make his choice. An affirmation mail is the sent to the client after effectively making the choice. The votes cast by the voters are sent to a separate database which is viewed in the administration s i d e . We u s e s t o r e d p r o c e d u r e s a n d parameterized queries to prevent the Tautology based SQL attack. If a malicious user enters any query which has a value, it will simply be passed as a parameter to the SQL statement and wont be a component of the SQL statement itself, thus rendering the stored procedure invulnerable to SQL injection attacks. We also use the Secure Hash Algorithm 256 (SHA-256). It is a type of cryptographic hash function which generates a unique 256 bit long hash key for each vote. It is a one way function and so it cannot be decrypted. This ensures that the votes are not manipulated.

Sign in / Sign up

Export Citation Format

Share Document