scholarly journals SQL Injection Detection and Prevention Techniques in ASP.NET Web Application

2019 ◽  
Vol 8 (3) ◽  
pp. 7759-7766
Keyword(s):  
Private Information ◽  
Web Application ◽  
Query Language ◽  
Mobile Apps ◽  
Economic Loss ◽  
Structure Query Language ◽  
Sql Injection ◽  
Injection Attacks ◽  
Structure Query ◽  
Sql Injection Attacks

Injection in SQL (structure query language) is one of the threats to web-based apps, mobile apps and even desktop applications associated to the database. An effective SQL Injection Attacks (SQLIA) could have severe implications for the victimized organization including economic loss, loss of reputation, enforcement and infringement of regulations. Systems which do not validate the input of the user correctly make them susceptible to SQL injection. SQLIA happens once an attacker can incorporate a sequence of harmful SQL commands into a request by changing back-end database through user information. To use this sort of attacks may readily hack applications and grab the private information by the attacker. In this article we introduce deferential sort of process to safeguard against current SQLIA method and instruments that are used in ASP.NET apps to detect or stop these attacks.

scholarly journals Models and scenarios of implementation of threats for internet resources

2020 ◽  
Vol 8 (6) ◽  
pp. 9-33
Author(s):  
S. A. Lesko
Keyword(s):  
Web Application ◽  
Query Language ◽  
Sql Injection ◽  
Web Resource ◽  
Injection Attacks ◽  
Sql Injections ◽  
Sql Injection Attacks ◽  
Client Side ◽  
Cross Site ◽  
The Web

To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.

Bind but Dynamic Technique

2009 ◽  
pp. 880-890
Author(s):  
Ahmad Hammoud ◽  
Ramzi A. Haraty
Keyword(s):  
Web Application ◽  
Efficient Solution ◽  
Web Applications ◽  
Query Language ◽  
Sql Injection ◽  
Injection Attacks ◽  
Dynamic Technique ◽  
Structured Query Language ◽  
Sql Injection Attacks ◽  
Web Developers

Most Web developers underestimate the risk and the level of damage that might be caused when Web applications are vulnerable to SQL (structured query language) injections. Unfortunately, Web applications with such vulnerability constitute a large part of today’s Web application landscape. This article aims at highlighting the risk of SQL injection attacks and provides an efficient solution.

SQL Injection Attacks Countermeasures

2012 ◽  
pp. 194-213
Author(s):  
Kasra Amirtahmasebi ◽  
Seyed Reza Jalalinia
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Confidential Information ◽  
Sql Injection ◽  
Unauthorized Access ◽  
Injection Attacks ◽  
Prevention Techniques ◽  
Sql Injection Attack ◽  
Sql Injection Attacks ◽  
The Web

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.

scholarly journals A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks

2017 ◽  
Vol 7 (2) ◽  
pp. 16-41 ◽  
Author(s):  
Naghmeh Moradpoor Sheykhkanloo
Keyword(s):  
Neural Network ◽  
Web Application ◽  
Query Language ◽  
False Positive Rate ◽  
True Positive Rate ◽  
Injection Technique ◽  
Injection Attacks ◽  
Proposed Model ◽  
Positive Rate ◽  
Sql Injection Attacks

Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the security of a web application. In the previous publications, the author has proposed a Neural Network (NN)-based model for detections and classifications of the SQLi attacks. The proposed model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The proposed model was successful to: 1) detect each generated URL as either a benign URL or a malicious, and 2) identify the type of SQLi attack for each malicious URL. The published results proved the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using controversial data sets. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate as well as false-positive rate.

scholarly journals Secure Online Election System

2019 ◽  
Vol 8 (11S) ◽  
pp. 1166-1171
Keyword(s):  
Web Application ◽  
Control Unit ◽  
Sql Injection ◽  
Stored Procedure ◽  
Injection Attacks ◽  
Election System ◽  
Sql Injection Attack ◽  
Online Voting ◽  
One Way Function ◽  
Sql Injection Attacks

India, the biggest democratic ruling system in terms of population utilises the Electronic Voting Machine or EVM for their general elections. Any EVM comprises of two units: The Control unit and the Ballot unit. O n g o i n g re s e a rc h h a s i n d i c a t e d m a n y disadvantages in the system. One of the main disadvantages we encounter is that many researchers have claimed that the EVM can easily be tampered with. EVMs also encounter many physical threats. To prevent these drawbacks, we have proposed an online voting s y s t e m w h i c h c o u n t e r m a n y p h y s i c a l difficulties faced by the EVM. One main difficulty in the online system is the SQL Injection attack. SQL injection is messing with the database and controlling it with the help of SQL Queries. Our project focuses on the Tautology based SQL Injection attack. In this attack, a statement whose value will always be true or 1 is passed instead of username and password by the hacker. This allows access to t h e d a t a b a s e w h i c h a l l o w s h i m / h e r t o manipulate it. Manipulation can be of several kinds. Web based Voting is another innovation that is rising which has the possibility of countering numerous downsides looked by the EVMs. The online voting application works as any other web application. Each voter who wants to vote needs to fill all the required details and create an account on the website first. On the day of voting, when voters cast their vote, they need to sign in with their respective credentials. When the credentials match with the data from database, the voter can get to the voting page and make his choice. An affirmation mail is the sent to the client after effectively making the choice. The votes cast by the voters are sent to a separate database which is viewed in the administration s i d e . We u s e s t o r e d p r o c e d u r e s a n d parameterized queries to prevent the Tautology based SQL attack. If a malicious user enters any query which has a value, it will simply be passed as a parameter to the SQL statement and wont be a component of the SQL statement itself, thus rendering the stored procedure invulnerable to SQL injection attacks. We also use the Secure Hash Algorithm 256 (SHA-256). It is a type of cryptographic hash function which generates a unique 256 bit long hash key for each vote. It is a one way function and so it cannot be decrypted. This ensures that the votes are not manipulated.

Method to Detect SQL Injection Attacks for Complex Network Environment

2013 ◽  
Vol 651 ◽  
pp. 841-845
Author(s):  
Wu Min Pan
Keyword(s):  
Operating Systems ◽  
Web Application ◽  
Security Risk ◽  
Defense System ◽  
Sql Injection ◽  
Injection Attacks ◽  
Test Application ◽  
Sql Injection Attack ◽  
Sql Injection Attacks ◽  
The Web

SQL injection has become a serious security risk among all the attacks against Web application. The SQL injection attack allows an attacker to access the underlying database unrestrictedly, and furthermore, retrieves the confidential information of the corporation and the network user. We found that most of the existing researches are able to detect most of the attacks, but they do not consider the complexity involved in using the defense system and the eventual cost of modification of the original program. For this reason, we conducts an in-depth research on SQL injection and defense: requires no modification of the web application code,and can be adapted to different usage scenarios,involving also different operating systems and server applications,and can be able to detect all the known injection points for the test application

A Research of the Essence of SQL Injection Attacks Vulnerability

2015 ◽  
Vol 719-720 ◽  
pp. 935-940
Author(s):  
Min Wan ◽  
Kun Liu
Keyword(s):  
Static Analysis ◽  
Web Application ◽  
Web Applications ◽  
Semantic Information ◽  
Semantic Gap ◽  
Sql Injection ◽  
Injection Attacks ◽  
Web System ◽  
Sql Injection Attacks ◽  
Filtering Techniques

Semantic Gap problem is the essence of the SQL Injection Attacks vulnerability in Web applications. Web application loses the semantic information while the SQL statement is constructed dynamically. This paper analyzes the cause of the SQLIA vulnerability. And then it analyzes several suggested techniques, such as the filtering techniques and the static analysis, and points out their drawbacks in the SOLIA prevention, which leads to the conclusion that the key problem for the eradication of SQLIA is to solve the semantic gap problem causing by the unstructured SQL statement in the process of constructing a Web system dynamically.

Joza: Hybrid Taint Inference for Defeating Web Application SQL Injection Attacks

2015 ◽  
Author(s):  
Abbas Naderi-Afooshteh ◽  
Anh Nguyen-Tuong ◽  
Mandana Bagheri-Marzijarani ◽  
Jason D. Hiser ◽  
Jack W. Davidson
Keyword(s):  
Web Application ◽  
Sql Injection ◽  
Injection Attacks ◽  
Sql Injection Attacks
Sign in / Sign up

Export Citation Format

Share Document