SQL Injection and Areas of Security Concern

Author(s): Shubham Singh, Pranju Mishra, Samruddhi Kshirsagar, Shubham Bharadia, Narendra Joshi

Cyber-crimes are growing rapidly, and to prevent these crimes one should share all the knowledge he/she has to make people aware of these attacks. In the field of Application Security there is a very well-known vulnerability, "SQL INJECTION". In this paper, we have focused on what the types of SQL Injection attacks are and where they can be found in any application.

2017, Vol 2017, pp. 1-12

Author(s): Asish Kumar Dalai, Sanjay Kumar Jena

Reports on web application security risks show that SQL injection is the topmost vulnerability. The journey from static to dynamic web pages leads to the use of databases in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.


Kursor, 2019, Vol 9 (4)

Author(s): Wasito Sukarno, Imam Riadi

The development of security systems for website applications is now more advanced. But software that has a vulnerability will threaten all fields, such as health, defense, finance, and education information systems. Information technology security issues will become a threat that puts website managers (webadmins) on alert. This paper focuses on how to handle various web application attacks, especially attacks that use SQL injection, using the Open Web Application Security Project (OWASP); the aim is to raise awareness about web application security and how to handle an attack that has occurred.


2010, Vol 1 (1), pp. 20-40

Author(s): San-Tsai Sun, Konstantin Beznosov

This article presents an approach for retrofitting existing Web applications with run-time protection against known, as well as unseen, SQL injection attacks (SQLIAs) without the involvement of application developers. The precision of the approach is also enhanced with a method for reducing the rate of false positives in the SQLIA detection logic, via runtime discovery of the developers’ intention for individual SQL statements made by Web applications. The proposed approach is implemented in the form of protection mechanisms for J2EE, ASP.NET, and ASP applications. Named SQLPrevent, these mechanisms intercept HTTP requests and SQL statements, mark and track parameter values originating from HTTP requests, and perform SQLIA detection and prevention on the intercepted SQL statements. The AMNESIA testbed is extended to contain false-positive testing traces, and is used to evaluate SQLPrevent. In our experiments, SQLPrevent produced no false positives or false negatives, and imposed a maximum 3.6% performance overhead with 30 milliseconds response time for the tested applications.


Author(s): Kasra Amirtahmasebi, Seyed Reza Jalalinia

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL code through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.

