A Detection and Prevention Technique on SQL Injection Attacks

Hlaing, Zar Chi Su Su; Khaing, Myo

doi:10.1109/icca49400.2020.9022833

Cited by 33 publications

(14 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As Table II indicates, the existing methods did not address the three issues highlighted in one single method; therefore they are not sufficient in securing the database from SQL injection attacks. The method proposed by [4] [12][21] [24] validates the data at the client side and ignore the validation process at the server side. Therefore malicious code might enter the database.…”

Section: An Overview Of the Existing Sql Injection Prevention Methodsmentioning

confidence: 99%

“…For example; students trying to change grades or exam marks. There are also cases which are not personal attacks; such as sabotage the database by deliberately deleting certain tables, shutting down database operations and disrupting network traffic [4]. The term ‗injection' is used because malicious code which considered as a non-valid input is injected into a valid SQL statement.…”

Section: Sql Injection Attackmentioning

confidence: 99%

“…The prevention from this injection has become the focus of database administrators, network administrators, application code programmers, database system providers, software developers and the top management of the organization. The problems brought by SQL injection have been around for a long time and are still a hot topic in information security issues [4] [5]. Web application security and database security are inter-dependent.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure

Ahmad¹,

Karim²

2021

IJACSA

View full text Add to dashboard Cite

Structured Query Language (SQL) injection is one of the critical threats to database security. The effects of SQL injection attacks cause the data contained in the database to be at risk of being exploited by irresponsible parties, compromising data integrity, disrupting server operations and in return affecting the organization's image. Although SQL injection is an attack performed at the application level, SQL injection prevention requires security controls at all levels, namely application level, database level and network level. The absence of SQL injection prevention measures at the application level makes the database vulnerable to attack. Reviews indicate that the current approaches still not sufficient in addressing these three issues, which are i) improper use of dynamic SQL, ii) lack of input validation process and iii) inconsistent error handling. Currently, program and database code security is based solely on basic security measures that are focused at the network level such as network firewalls, database access control and web server request filtering. Unfortunately, these measures are still inadequate and not sufficient to safe guard the program code and databases from the attack. To overcome this shortcoming as addressed by these three issues, a new comprehensive method is proposed using an improved parameterized stored procedure to enhance database security. Experimental results prove that the proposed method is able to prevent SQL injection from occurring and able to shorten the processing time when compared with existing methods, hence able to improve database security.

show abstract

Section: An Overview Of the Existing Sql Injection Prevention Methodsmentioning

confidence: 99%

Section: Sql Injection Attackmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure

Ahmad¹,

Karim²

2021

IJACSA

View full text Add to dashboard Cite

show abstract

“…The proposed system is done by using two approaches, which are: creates lexicon and tokenize the input query statement and each string token was detected to predefined words lexicon to prevent SQLIA. Based on the experiment conducted, the proposed system is able to provide a successful prevention from various malicious query for injections [10].…”

Section: Recent Workmentioning

confidence: 99%

SEA WAF: The Prevention of SQL Injection Attacks on Web Applications

Harefa¹,

Prajena²,

Alexander³

et al. 2021

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

The security of website application has become important in the last decades. According to the Open Web Application Security Project (OWASP), the SQL Injection is classified as one of the major vulnerabilities found in web application security. This research is focused on improving website security in dealing with SQL Injection attacks by stopping, monitoring, and dividing types of SQL Injection attacks using the features provided by the proposed Web Application Firewall (WAF). The architecture is designed to detect and prevent some types of SQL Injection attacks, including Tautologies, Logically Incorrect Queries, Union Queries, Piggy Backed Queries, Stored Procedures. For the testing scenario, this experiment uses an application that has become an industry standard in identifying and validating security holes on a website. The result of this research is that the proposed system is able to increase the website security from SQL Injection.

show abstract

“…SQL injection is an assault method with negated SQL articulations used to abuse how site pages speak with backend databases. It can take a shot at defenseless website pages that adventure a backend database like MySQL, Oracle, and MSSQL [15]. The Structured Query Language Injection (SQLI) attack is considered the most dangerous injection category attack because it compromises the main security services: confidentiality, authentication, authorization, and integrity [16].…”

Section: Sql Injectionmentioning

confidence: 99%

Web Application Penetration Testing Using SQL Injection Attack

Alanda

Satria

Ardhana

et al. 2021

JOIV : Int. J. Inform. Visualization

View full text Add to dashboard Cite

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.

show abstract

A Detection and Prevention Technique on SQL Injection Attacks

Cited by 33 publications

References 4 publications

A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure

A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure

SEA WAF: The Prevention of SQL Injection Attacks on Web Applications

Web Application Penetration Testing Using SQL Injection Attack

Contact Info

Product

Resources

About