SQLi and XSS Attack Introduction and Prevention Technique

Gaikwad, Harshad Sanjay; Shah, Bhavesh; Chatte, Priyanka

doi:10.5120/ijca2017913798

Cited by 1 publication

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although, these language are beneficial and userfriendly; but at the same time they expose the web applications to SQL injection. Often web applications are vulnerable to the attacks when dynamic SQL statements are being used [7]. Because, this language is dynamic in nature, therefore, an unauthorized user can modify the original query by injecting a malicious code to the query at run-time [24].…”

Section:  Union-based Sql Injectionmentioning

confidence: 99%

“…There are a number of threats to database security: among them are i) excessive privilege which refers to users who are given permission to access or carry out various transactions in the database but abuse the permission instead, and ii) SQL injection which is the entry of unauthorized input into the database to carry out any instructions that are not valid [6]. In addition, weak audit trails or automatic recording of database transactions that are not performed properly and media used as storage for backups such as hard disks and tapes are also prone to theft [7]. Therefore to improve database security, this paper aims to propose a new method in preventing SQL injection.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure

Ahmad¹,

Karim²

2021

IJACSA

View full text Add to dashboard Cite

Structured Query Language (SQL) injection is one of the critical threats to database security. The effects of SQL injection attacks cause the data contained in the database to be at risk of being exploited by irresponsible parties, compromising data integrity, disrupting server operations and in return affecting the organization's image. Although SQL injection is an attack performed at the application level, SQL injection prevention requires security controls at all levels, namely application level, database level and network level. The absence of SQL injection prevention measures at the application level makes the database vulnerable to attack. Reviews indicate that the current approaches still not sufficient in addressing these three issues, which are i) improper use of dynamic SQL, ii) lack of input validation process and iii) inconsistent error handling. Currently, program and database code security is based solely on basic security measures that are focused at the network level such as network firewalls, database access control and web server request filtering. Unfortunately, these measures are still inadequate and not sufficient to safe guard the program code and databases from the attack. To overcome this shortcoming as addressed by these three issues, a new comprehensive method is proposed using an improved parameterized stored procedure to enhance database security. Experimental results prove that the proposed method is able to prevent SQL injection from occurring and able to shorten the processing time when compared with existing methods, hence able to improve database security.

show abstract

Section:  Union-based Sql Injectionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%