SQL Injection Detection and Prevention Techniques in ASP.NET Web Application

Kausar, Mohammad Abu; Nasar, Mohammad; Moyaid, Aiman

doi:10.35940/ijrte.c6319.098319

Cited by 5 publications

(7 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Whether key data such as table and field names have been tampered with. In the case of little impact on the detection accuracy of ordinary data, this method could effectively improve the detection accuracy of malicious input, reduce the false positive rate, and has a better detection effect [13]. In the design and application of database systems It is meaningful to learn from.…”

Section: Discussionmentioning

confidence: 99%

Malicious SQL data injection detection

Yan

Chen

2022

Second International Symposium on Computer Technology and Information Science (ISCTIS 2022)

View full text Add to dashboard Cite

SQL injection attack could obtain sensitive information in the database, tamper or delete illegally obtained information, etc., which causes immeasurable losses to the system. Aiming at SQL injection attack, this paper proposes a new SQL injection detection scheme that combines traditional detection methods with abstract syntax tree structure judgment based on semantic analysis. The solution includes modules such as data preprocessing, SQL statement pre-assembly, and semantic analysis. By assembling the user input content and the actual SQL template statement to form a complete SQL statement, the statement is subjected to structural judgment and semantic analysis to determine the request and precisely identify malicious injection attack.

show abstract

Section: Discussionmentioning

confidence: 99%

Malicious SQL data injection detection

Yan

Chen

2022

Second International Symposium on Computer Technology and Information Science (ISCTIS 2022)

View full text Add to dashboard Cite

show abstract

“…This umbrella term includes attacks that make use of tautologies, response errors, union queries, piggybacked queries, response time, malicious code injection to stored procedures, inference, and alternate encodings. The prevention of SQL injection can be done using input sanitization and validation, stored procedures, restricting user access and input length, encoding user information, and validating results [2,3]. Sanitization of input, prepared statements and tokens can be used in a secure coding approach to prevent SQL injection attack [4,5,6,7].…”

Section: Literature Surveymentioning

confidence: 99%

Prevention of SQL Injection Using a Comprehensive Input Sanitization Methodology

Sharma

Nalini

et al. 2023

Advances in Transdisciplinary Engineering

View full text Add to dashboard Cite

Databases are essential to modern-day web applications. Structured Query Language (SQL) used to retrieve information from relational database is prone to injection attack by a malicious user. Losing access to application database destroys all credibility for the organization. Mitigating against SQL injection attacks is a critical concern. This paper proposes a methodology for the safe flow of SQL query from the user layer to the database layer. The proposed methodology uses the process of client-side input sanitization to validate user input before a dynamic SQL query is constructed. On the server-side, another process provides server-side query sanitization to ensure a full-proof validation of the SQL query before it is run on the database. The client-side input sanitization process is presented in the paper. On comparison with related methodologies, the proposed methodology is robust, lightweight, and fast.

show abstract

“…In [12], the authors analysed some methods of detecting and preventing the SQL injection attacks such as AMNESIA, SQLCHECK Approach, CANDID, Auto-mated Approach, WASP, Swaddler, Tautology Checker, WebSSari and Ardilla. Based on the research conducted, it can be implied that the structure of developing web application must be considered carefully to avoid various types of SQL injection attacks.…”

Section: Recent Workmentioning

confidence: 99%

SEA WAF: The Prevention of SQL Injection Attacks on Web Applications

Harefa¹,

Prajena²,

Alexander³

et al. 2021

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

The security of website application has become important in the last decades. According to the Open Web Application Security Project (OWASP), the SQL Injection is classified as one of the major vulnerabilities found in web application security. This research is focused on improving website security in dealing with SQL Injection attacks by stopping, monitoring, and dividing types of SQL Injection attacks using the features provided by the proposed Web Application Firewall (WAF). The architecture is designed to detect and prevent some types of SQL Injection attacks, including Tautologies, Logically Incorrect Queries, Union Queries, Piggy Backed Queries, Stored Procedures. For the testing scenario, this experiment uses an application that has become an industry standard in identifying and validating security holes on a website. The result of this research is that the proposed system is able to increase the website security from SQL Injection.

show abstract

SQL Injection Detection and Prevention Techniques in ASP.NET Web Application

Cited by 5 publications

References 13 publications

Malicious SQL data injection detection

Malicious SQL data injection detection

Prevention of SQL Injection Using a Comprehensive Input Sanitization Methodology

SEA WAF: The Prevention of SQL Injection Attacks on Web Applications

Contact Info

Product

Resources

About