scholarly journals Detection of SQL Injection Attack in Web Applications using Web Services

2012 ◽  
Vol 1 (5) ◽  
pp. 13-20 ◽  
Author(s):  
V Shanmughaneethi
Keyword(s):  
Web Services ◽  
Web Applications ◽  
Sql Injection ◽  
Sql Injection Attack

SQL Injection Attacks Countermeasures

2012 ◽  
pp. 194-213
Author(s):  
Kasra Amirtahmasebi ◽  
Seyed Reza Jalalinia
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Confidential Information ◽  
Sql Injection ◽  
Unauthorized Access ◽  
Injection Attacks ◽  
Prevention Techniques ◽  
Sql Injection Attack ◽  
Sql Injection Attacks ◽  
The Web

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.

scholarly journals A Review on Methods for Prevention of SQL Injection Attack

2019 ◽  
pp. 463-470 ◽  
Author(s):  
Sweta Raut ◽  
Akshay Nikhare ◽  
Yogesh Punde ◽  
Snehal Manerao ◽  
Shubham Choudhary
Keyword(s):  
Pattern Matching ◽  
Programming Language ◽  
Web Applications ◽  
General Purpose ◽  
Sql Injection ◽  
Matching Algorithm ◽  
Low Level ◽  
Persistent Data ◽  
Sql Injection Attack ◽  
Pattern Matching Algorithm

Web applications generally interact with backend information to retrieve persistent data and then present the information to the user as dynamically generated output, like HTML websites. This communication is commonly done through a low–level API by dynamically constructing query strings within a general-purpose programming language. SQL Injection Attack (SQLIA) is one of the very serious threats to web applications. This paper is a review on preventing technique for a SQL injection attack which can secure web applications against SQLimplantation. This paper also demonstrates a technique for preventing SQL Injection Attack (SQLIA) using Aho–Corasick pattern matching algorithm

scholarly journals Web Application Penetration Testing Using SQL Injection Attack

2021 ◽  
Vol 5 (3) ◽  
pp. 320
Author(s):  
Alde Alanda ◽  
Deni Satria ◽  
M.Isthofa Ardhana ◽  
Andi Ahmad Dahlan ◽  
Hanriyawan Adnan Mooduto
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Rapid Development ◽  
Security Level ◽  
Sensitive Information ◽  
Sql Injection ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security ◽  
Sql Injection Attack

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.

SQL Injection Attack on Web Application

2018 ◽  
Vol 7 (S1) ◽  
pp. 11-15
Author(s):  
S. Parameswari ◽  
K. Kavitha
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Sql Injection ◽  
Injection Attacks ◽  
Sql Injection Attack ◽  
Simplified Algorithm ◽  
Basic Features ◽  
Sql Injection Attacks ◽  
Almost All ◽  
The Web

SQL injection attacks are one of the highest dangers for applications composed for the Web. These attacks are dispatched through uncommonly made client information on web applications that utilizes low level string operations to build SQL queries. An SQL injection weakness permits an assailant to stream summons straightforwardly to a web application’s hidden database and annihilate usefulness or privacy. In this paper we proposed a simplified algorithm which works on the basic features of the SQL Injection attacks and will successfully detect almost all types of SQL Injection attacks. In the paper we have also presented the experiment results in order to acknowledge the proficiency of our algorithm.

scholarly journals Hybrid method integrating SQL-IF and Naïve Bayes for SQL injection attack avoidance

2021 ◽  
Vol 1 (2) ◽  
Author(s):  
Faisal Yudo Hernawan ◽  
Indra Hidayatulloh ◽  
Ipam Fuaddina Adam
Keyword(s):  
Hybrid Method ◽  
Web Applications ◽  
Naive Bayes ◽  
Naïve Bayes ◽  
Sql Injection ◽  
Bayes Methods ◽  
Injection Attacks ◽  
Attack Patterns ◽  
Sql Injection Attack ◽  
Sql Injection Attacks

Web applications are the objects most targeted by attackers. The technique most often used to attack web applications is SQL injection. This attack is categorized as dangerous because it can be used to illegally retrieve, modify, delete data, and even take over databases and web applications. To prevent SQL injection attacks from being executed by the database, a system that can identify attack patterns and can learn to detect new patterns from various attack patterns that have occurred is required. This study aims to build a system that acts as a proxy to prevent SQL injection attacks using the Hybrid Method which is a combination of SQL Injection Free Secure (SQL-IF) and Naïve Bayes methods. Tests were carried out to determine the level of accuracy, the effect of constants (K) on SQL-IF, and the number of datasets on Naïve Bayes on the accuracy and efficiency (average load time) of web pages. The test results showed that the Hybrid Method can improve the accuracy of SQL injection attack prevention. Smaller K values and larger dataset will produce better accuracy. The Hybrid Method produces a longer average web page load time than using only the SQL-IF or Naïve Bayes methods.

scholarly journals Neutralizing SQL Injection Attack on Web Application Using Server Side Code Modification

2019 ◽  
pp. 158-173
Author(s):  
Sarjiyus O. ◽  
El-Yakub M. B.
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Web Security ◽  
Security Threat ◽  
Sql Injection ◽  
Server Side ◽  
Injection Attacks ◽  
Sql Injection Attack ◽  
Sql Injection Attacks ◽  
Code Modification

SQL Injection attacks pose a very serious security threat to Web applications and web servers. They allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive and important information these databases contain. This research, “Neutralizing SQL Injection attack on web application using server side code modification” proposes a method for boosting web security by detecting SQL Injection attacks on web applications by modification on the server code so as to minimize vulnerability and mitigate fraudulent and malicious activities. This method has been implemented on a simple website with a database to register users with an admin that has control privileges. The server used is a local server and the server code was written with PHP as the back end. The front end was designed using MySQL. PHP server side scripting language was used to modify codes. ‘PDO prepare’ a tool to prepare parameters to be executed. The proposed method proved to be efficient in the context of its ability to prevent all types of SQL injection attacks. Acunetix was used to test the vulnerability of the code, and the code was implemented on a simple website with a simple database. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. Unlike most approaches, the proposed method is quite simple to implement yet highly effective. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

scholarly journals Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications

2017 ◽  
Vol 2017 ◽  
pp. 1-12 ◽  
Author(s):  
Asish Kumar Dalai ◽  
Sanjay Kumar Jena
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Large Set ◽  
Sql Injection ◽  
Web Application Security ◽  
Application Security ◽  
Server Side ◽  
Injection Attacks ◽  
Sql Injection Attack ◽  
Sql Injection Attacks

Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

scholarly journals Model Based Approach to Prevent SQL Injection Attacks on .NET Applications

2011 ◽  
pp. 143-147
Author(s):  
Shikhar Jain ◽  
Alwyn R. Pais
Keyword(s):  
Dynamic Analysis ◽  
Web Applications ◽  
Sql Injection ◽  
Static And Dynamic Analysis ◽  
Model Based ◽  
Injection Attacks ◽  
Sql Injection Attack ◽  
Sql Injection Attacks ◽  
Query Model ◽  
Dynamic Query

Web applications support static and dynamic queries to access the database. Dynamic queries take input from the user and use that input to form the query. A user can give malicious input to the application which results in an incorrect query or an unauthorized query and performs vulnerable action on the database. In this paper, we presented an approach to prevent SQL injection attack (SQLIA) on .Net applications using static and dynamic analysis of the queries. The paper explains comparison of Dynamic query model and static query model in order to validate the query before sending it to the database. The result obtained proves that our designed tool has achieved prevention from SQL injection at greater extend.

Sign in / Sign up

Export Citation Format

Share Document